Details of VAR-202401-2573

ID

VAR-202401-2573

CVE

CVE-2023-6548

TITLE

Citrix NetScaler ADC and NetScaler Gateway have code injection vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2024-17820

DESCRIPTION

Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface. NetScaler ADC is an application delivery controller. NetScaler Gateway is an access gateway with an SSL VPN solution that provides single sign-on and authentication for remote end users of network assets. Both are products of Citrix

Trust: 1.44

sources: NVD: CVE-2023-6548 // CNVD: CNVD-2024-17820

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-17820

AFFECTED PRODUCTS

vendor:	citrix	model:	netscaler gateway	scope:	lt	version:	13.1-51.15	Trust: 1.0
vendor:	citrix	model:	netscaler gateway	scope:	gte	version:	13.0	Trust: 1.0
vendor:	citrix	model:	netscaler application delivery controller	scope:	lt	version:	13.0-92.21	Trust: 1.0
vendor:	citrix	model:	netscaler application delivery controller	scope:	lt	version:	13.1-51.15	Trust: 1.0
vendor:	citrix	model:	netscaler application delivery controller	scope:	lt	version:	14.1-12.35	Trust: 1.0
vendor:	citrix	model:	netscaler application delivery controller	scope:	lt	version:	13.1-37.176	Trust: 1.0
vendor:	citrix	model:	netscaler application delivery controller	scope:	gte	version:	14.1	Trust: 1.0
vendor:	citrix	model:	netscaler gateway	scope:	gte	version:	14.1	Trust: 1.0
vendor:	citrix	model:	netscaler application delivery controller	scope:	gte	version:	12.1	Trust: 1.0
vendor:	citrix	model:	netscaler application delivery controller	scope:	gte	version:	13.1	Trust: 1.0
vendor:	citrix	model:	netscaler application delivery controller	scope:	lt	version:	12.1-55.302	Trust: 1.0
vendor:	citrix	model:	netscaler gateway	scope:	lt	version:	13.0-92.21	Trust: 1.0
vendor:	citrix	model:	netscaler gateway	scope:	gte	version:	13.1	Trust: 1.0
vendor:	citrix	model:	netscaler application delivery controller	scope:	gte	version:	13.0	Trust: 1.0
vendor:	citrix	model:	netscaler gateway	scope:	lt	version:	14.1-12.35	Trust: 1.0
vendor:	citrix	model:	netscaler gateway	scope:	gte	version:	13.0,<13.0-92.21	Trust: 0.6
vendor:	citrix	model:	netscaler gateway	scope:	gte	version:	13.1,<13.1-51.15	Trust: 0.6
vendor:	citrix	model:	netscaler gateway	scope:	gte	version:	14.1,<14.1-12.35	Trust: 0.6
vendor:	citrix	model:	netscaler application delivery controller	scope:	gte	version:	12.1,<12.1-55.302	Trust: 0.6
vendor:	citrix	model:	netscaler application delivery controller	scope:	gte	version:	13.1,<13.1-37.176	Trust: 0.6
vendor:	citrix	model:	netscaler application delivery controller	scope:	gte	version:	13.0,<13.0-92.21	Trust: 0.6
vendor:	citrix	model:	netscaler application delivery controller	scope:	gte	version:	13.1,<13.1-51.15	Trust: 0.6
vendor:	citrix	model:	netscaler application delivery controller	scope:	gte	version:	14.1,<14.1-12.35	Trust: 0.6

sources: CNVD: CNVD-2024-17820 // NVD: CVE-2023-6548

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-6548
value:	HIGH
Trust: 1.0
secure@citrix.com:	CVE-2023-6548
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2024-17820
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2024-17820
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2023-6548
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
secure@citrix.com:	CVE-2023-6548
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.1
impactScore:	3.4
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2024-17820 // NVD: CVE-2023-6548 // NVD: CVE-2023-6548

PROBLEMTYPE DATA

problemtype:

CWE-94

Trust: 1.0

sources: NVD: CVE-2023-6548

PATCH

title:

Patch for Citrix NetScaler ADC and NetScaler Gateway have code injection vulnerabilities

url:

https://www.cnvd.org.cn/patchInfo/show/541131

Trust: 0.6

sources: CNVD: CNVD-2024-17820

EXTERNAL IDS

db:	NVD	id:	CVE-2023-6548	Trust: 1.6
db:	CNVD	id:	CNVD-2024-17820	Trust: 0.6

sources: CNVD: CNVD-2024-17820 // NVD: CVE-2023-6548

REFERENCES

url:	https://support.citrix.com/article/ctx584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549	Trust: 1.0
url:	https://support.citrix.com/article/ctx584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549https	Trust: 0.6

sources: CNVD: CNVD-2024-17820 // NVD: CVE-2023-6548

SOURCES

db:	CNVD	id:	CNVD-2024-17820
db:	NVD	id:	CVE-2023-6548

LAST UPDATE DATE

2024-08-14T15:20:39.803000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-17820	date:	2024-04-12T00:00:00
db:	NVD	id:	CVE-2023-6548	date:	2024-01-25T16:45:58.287

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-17820	date:	2024-04-12T00:00:00
db:	NVD	id:	CVE-2023-6548	date:	2024-01-17T20:15:50.627