Vulnerability Description
Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.
CVSS Score
5.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Citrix | Netscaler Application Delivery Controller | >= 12.1, < 12.1-55.302 |
| Citrix | Netscaler Gateway | >= 13.0, < 13.0-92.21 |
Related Weaknesses (CWE)
References
- https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway (Vendor Advisory)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023- (US Government Resource)
FAQ
What is CVE-2023-6548?
CVE-2023-6548 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated...
How severe is CVE-2023-6548?
CVE-2023-6548 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-6548?
Check the references section above for vendor advisories and patch information. Affected products include: Citrix Netscaler Application Delivery Controller, Citrix Netscaler Gateway.