CVE-2023-6548

MEDIUM KEV

NetScaler ADC & NetScaler Gateway - Code Injection

Title source: llm

Description

Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.

Scores

CVSS v3 5.5
EPSS 0.0830
EPSS Percentile 92.3%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CISA KEV 2024-01-17
VulnCheck KEV 2024-01-16
InTheWild.io 2024-01-16
ENISA EUVD EUVD-2023-58778
CWE CWE-94
Status published
Products (3)
citrix/netscaler_application_delivery_controller 12.1 - 12.1-55.302 (2 CPE variants)
citrix/netscaler_application_delivery_controller 13.0 - 13.0-92.21
citrix/netscaler_gateway 13.0 - 13.0-92.21
Published Jan 17, 2024
KEV Added Jan 17, 2024
Tracked Since Feb 18, 2026