CVE-2023-6548

Severity CVSS v4.0: Pending analysis
Type: CWE-94 Code Injection
Publication date: 17/01/2024
Last modified: 27/01/2025

Description

Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to the NSIP, CLIP or SNIP with management interface access to perform authenticated (low-privileged) remote code execution on the management interface.

Vulnerable products and versions

| CPE | From | Up to |
| --- | --- | --- |
| cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:* | 12.1 (including) | 12.1-55.302 (excluding) |
| cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:* | 12.1 (including) | 12.1-55.302 (excluding) |
| cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:* | 13.0 (including) | 13.0-92.21 (excluding) |
| cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:* | 13.1 (including) | 13.1-37.176 (excluding) |
| cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:* | 13.1 (including) | 13.1-51.15 (excluding) |
| cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:* | 14.1 (including) | 14.1-12.35 (excluding) |
| cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:* | 13.0 (including) | 13.0-92.21 (excluding) |
| cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:* | 13.1 (including) | 13.1-51.15 (excluding) |
| cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:* | 14.1 (including) | 14.1-12.35 (excluding) |