CVE-2023-6548
In short
NetScaler ADC and NetScaler Gateway have a code injection flaw that lets someone with low-privileged access to the management interface run unauthorized commands on the system. This is dangerous because it gives attackers a way to take control of the management functions.
Technical detail
A CWE-94 code injection vulnerability in the NetScaler ADC/Gateway management interface allows authenticated, low-privileged users who can reach the management interface on NSIP, CLIP or SNIP to execute arbitrary code remotely. The vulnerability stems from improper sanitization of input used in code generation, enabling privilege escalation from a standard user to system-level execution on the management plane.
Summary generated and translated by AI from the official description.
Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L