CVE-2023-3519
CVE-2023-3519
In short
An attacker can run malicious code on the affected system without needing to log in or have permission. This is extremely dangerous because it gives complete control of the system to an unauthorized person.
Technical detail
An unauthenticated remote attacker can execute arbitrary code through an input validation flaw (CWE-94: Code Injection), likely via network-accessible endpoints. No credentials or prior access required; successful exploitation grants full system compromise with the privileges of the affected application.
Summary generated and translated by AI from the official description.
Unauthenticated remote code execution
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
public PoCs found — 14
githubgithub.com/BishopFox/CVE-2023-3519★ 228githubgithub.com/securekomodo/citrixInspector★ 86githubgithub.com/mandiant/citrix-ioc-scanner-cve-2023-3519★ 65githubgithub.com/telekom-security/cve-2023-3519-citrix-scanner★ 52githubgithub.com/mr-r3b00t/CVE-2023-3519★ 13githubgithub.com/SalehLardhi/CVE-2023-3519★ 11githubgithub.com/Chocapikk/CVE-2023-3519★ 5githubgithub.com/dhammerg/CVE-2023-3519★ 5githubgithub.com/KR0N-SECURITY/CVE-2023-3519★ 1githubgithub.com/passwa11/CVE-2023-3519★ 1githubgithub.com/rwincey/cve-2023-3519★ 1githubgithub.com/JonaNeidhart/CVE-2023-3519-BackdoorCheck★ 0githubgithub.com/d0rb/CVE-2023-3519★ 0cve_referencepacketstormsecurity.com/files/173997/Citrix-ADC-NetScaler-Remote-Code-Execution.htmlunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/173997/Citrix-ADC-NetScaler-Remote-Code-Execution.htmlhttps://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-3519