ID

VAR-202401-2573


CVE

CVE-2023-6548


TITLE

Citrix NetScaler ADC and NetScaler Gateway have code injection vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2024-17820

DESCRIPTION

Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to the NSIP, CLIP or SNIP with management interface access to perform authenticated (low-privileged) remote code execution on the management interface. NetScaler ADC is an application delivery controller. NetScaler Gateway is an access gateway with an SSL VPN solution that provides single sign-on and authentication for remote end users of network assets. Both are products of Citrix.

Trust: 1.44

sources: NVD: CVE-2023-6548 // CNVD: CNVD-2024-17820

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-17820

AFFECTED PRODUCTS

vendor: citrix
model: netscaler gateway
scope: lt
version: 13.1-51.15

Trust: 1.0

vendor: citrix
model: netscaler gateway
scope: gte
version: 13.0

Trust: 1.0

vendor: citrix
model: netscaler application delivery controller
scope: lt
version: 13.0-92.21

Trust: 1.0

vendor: citrix
model: netscaler application delivery controller
scope: lt
version: 13.1-51.15

Trust: 1.0

vendor: citrix
model: netscaler application delivery controller
scope: lt
version: 14.1-12.35

Trust: 1.0

vendor: citrix
model: netscaler application delivery controller
scope: lt
version: 13.1-37.176

Trust: 1.0

vendor: citrix
model: netscaler application delivery controller
scope: gte
version: 14.1

Trust: 1.0

vendor: citrix
model: netscaler gateway
scope: gte
version: 14.1

Trust: 1.0

vendor: citrix
model: netscaler application delivery controller
scope: gte
version: 12.1

Trust: 1.0

vendor: citrix
model: netscaler application delivery controller
scope: gte
version: 13.1

Trust: 1.0

vendor: citrix
model: netscaler application delivery controller
scope: lt
version: 12.1-55.302

Trust: 1.0

vendor: citrix
model: netscaler gateway
scope: lt
version: 13.0-92.21

Trust: 1.0

vendor: citrix
model: netscaler gateway
scope: gte
version: 13.1

Trust: 1.0

vendor: citrix
model: netscaler application delivery controller
scope: gte
version: 13.0

Trust: 1.0

vendor: citrix
model: netscaler gateway
scope: lt
version: 14.1-12.35

Trust: 1.0

vendor: citrix
model: netscaler gateway
scope: gte
version: 13.0,<13.0-92.21

Trust: 0.6

vendor: citrix
model: netscaler gateway
scope: gte
version: 13.1,<13.1-51.15

Trust: 0.6

vendor: citrix
model: netscaler gateway
scope: gte
version: 14.1,<14.1-12.35

Trust: 0.6

vendor: citrix
model: netscaler application delivery controller
scope: gte
version: 12.1,<12.1-55.302

Trust: 0.6

vendor: citrix
model: netscaler application delivery controller
scope: gte
version: 13.1,<13.1-37.176

Trust: 0.6

vendor: citrix
model: netscaler application delivery controller
scope: gte
version: 13.0,<13.0-92.21

Trust: 0.6

vendor: citrix
model: netscaler application delivery controller
scope: gte
version: 13.1,<13.1-51.15

Trust: 0.6

vendor: citrix
model: netscaler application delivery controller
scope: gte
version: 14.1,<14.1-12.35

Trust: 0.6

sources: CNVD: CNVD-2024-17820 // NVD: CVE-2023-6548

CVSS

SEVERITY

nvd@nist.gov: CVE-2023-6548
value: HIGH

Trust: 1.0

secure@citrix.com: CVE-2023-6548
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2024-17820
value: HIGH

Trust: 0.6

CVSSV2

CNVD: CNVD-2024-17820
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2023-6548
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

secure@citrix.com: CVE-2023-6548
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.1
impactScore: 3.4
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-17820 // NVD: CVE-2023-6548 // NVD: CVE-2023-6548

PROBLEMTYPE DATA

problemtype: CWE-94

Trust: 1.0

sources: NVD: CVE-2023-6548

PATCH

title: Patch for Citrix NetScaler ADC and NetScaler Gateway have code injection vulnerabilities
url: https://www.cnvd.org.cn/patchInfo/show/541131

Trust: 0.6

sources: CNVD: CNVD-2024-17820

EXTERNAL IDS

db: NVD
id: CVE-2023-6548

Trust: 1.6

db: CNVD
id: CNVD-2024-17820

Trust: 0.6

sources: CNVD: CNVD-2024-17820 // NVD: CVE-2023-6548

REFERENCES

url:https://support.citrix.com/article/ctx584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549

Trust: 1.0

url:https://support.citrix.com/article/ctx584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549

Trust: 0.6

sources: CNVD: CNVD-2024-17820 // NVD: CVE-2023-6548

SOURCES

db: CNVD
id: CNVD-2024-17820

db: NVD
id: CVE-2023-6548

LAST UPDATE DATE

2024-08-14T15:20:39.803000+00:00


SOURCES UPDATE DATE

db: CNVD
id: CNVD-2024-17820
date: 2024-04-12T00:00:00

db: NVD
id: CVE-2023-6548
date: 2024-01-25T16:45:58.287

SOURCES RELEASE DATE

db: CNVD
id: CNVD-2024-17820
date: 2024-04-12T00:00:00

db: NVD
id: CVE-2023-6548
date: 2024-01-17T20:15:50.627