CVE-2023-6549
In short
NetScaler ADC and Gateway products have a memory buffer flaw that allows attackers to crash the system or read sensitive data without needing to log in. An attacker can exploit this by sending specially crafted network requests to the vulnerable service.
Technical detail
CWE-119 buffer boundary violation in NetScaler ADC/Gateway permits unauthenticated attackers to trigger denial of service or out-of-bounds memory reads via malformed input. No authentication required; exploitation occurs at the network layer through direct request manipulation, resulting in service disruption or potential information disclosure.
Summary generated and translated by AI from the official description.
Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Affected products
Cloud Software Group · NetScaler ADC