CVE-2023-6548

moderate-risk
Published 2024-01-17

Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.

Do I need to act?

~
8.3% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
ADJACENT_NETWORK / LOW complexity

Affected Products (4)

Affected Vendors

Citrix

References (3)

Vendor Advisory https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway...
Vendor Advisory https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway...
US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-...
45
/ 100
moderate-risk
Severity 18/34 · Moderate
Exploitability 17/34 · Moderate
Exposure 10/34 · Low