Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-6548

Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.

Published

2024-01-17T20:15:50.627

Last Modified

2025-01-27T21:48:11.423

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-94
Type: Primary
CWE-94

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	citrix	netscaler_application_delivery_controller	< 12.1-55.302	Yes
Application	citrix	netscaler_application_delivery_controller	< 12.1-55.302	Yes
Application	citrix	netscaler_application_delivery_controller	< 13.0-92.21	Yes
Application	citrix	netscaler_application_delivery_controller	< 13.1-37.176	Yes
Application	citrix	netscaler_application_delivery_controller	< 13.1-51.15	Yes
Application	citrix	netscaler_application_delivery_controller	< 14.1-12.35	Yes
Application	citrix	netscaler_gateway	< 13.0-92.21	Yes
Application	citrix	netscaler_gateway	< 13.1-51.15	Yes
Application	citrix	netscaler_gateway	< 14.1-12.35	Yes

References

https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549 Vendor Advisory ([email protected])
https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)