Exploitation Summary
CVE-2023-6549 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added January 17, 2024. A Nuclei detection template is also available.
Description
Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read
Nuclei Templates (1)
Citrix Netscaler ADC & Gateway - Out-Of-Bounds Memory Read
CRITICALVERIFIEDby ice3man
Shodan:
http.favicon.hash:-1292923998,-1166125415
References (2)
Core 2
Core References
Vendor Advisory
https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-6549
Scores
CVSS v3
8.2
EPSS
0.8232
EPSS Percentile
99.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
yes
Technical Impact
partial
Details
CISA KEV
2024-01-17
VulnCheck KEV
2024-01-16
InTheWild.io
2024-01-16
ENISA EUVD
EUVD-2023-58779
CWE
CWE-119
Status
published
Products (3)
citrix/netscaler_application_delivery_controller
12.1 - 12.1-55.302 (2 CPE variants)
citrix/netscaler_application_delivery_controller
13.0 - 13.0-92.21
citrix/netscaler_gateway
13.0 - 13.0-92.21
Published
Jan 17, 2024
KEV Added
Jan 17, 2024
Tracked Since
Feb 18, 2026