Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.
References
Configurations
Configuration 1 (hide)
|
History
25 Jan 2024, 16:45
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:* cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:* cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:* cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:* |
|
| References | () https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549 - Vendor Advisory | |
| First Time |
Citrix netscaler Application Delivery Controller
Citrix netscaler Gateway Citrix |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
19 Jan 2024, 02:00
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-01-17 20:15
Updated : 2024-01-25 16:45
NVD link : CVE-2023-6548
Mitre link : CVE-2023-6548
CVE.ORG link : CVE-2023-6548
JSON object : View
Products Affected
citrix
- netscaler_gateway
- netscaler_application_delivery_controller
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')