CVE-2023-3519 - OpenCVE

Unauthenticated remote code execution

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Citrix	Netscaler Application Delivery Controller Netscaler Gateway

Configuration 1 [-]

OR	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::fips:::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::ndcpp:::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::-:::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::fips:::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::-:::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:11.1-65.22::::fips:::
	cpe:2.3:a:citrix:netscaler_gateway::::::::
	cpe:2.3:a:citrix:netscaler_gateway::::::::

No data.

References

Link	Providers
http://packetstormsecurity.com/files/173997/Citrix-ADC-NetScaler-Remote-Code-Execution.html
https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467

History

No history.

MITRE

Status: PUBLISHED

Assigner: Citrix

Published: 2023-07-19T17:51:39.739Z

Updated: 2024-08-02T06:55:03.597Z

Reserved: 2023-07-05T22:22:26.251Z

Link: CVE-2023-3519

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-07-19T18:15:11.513

Modified: 2024-06-27T18:53:09.067

Link: CVE-2023-3519

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3519", "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "state": "PUBLISHED", "assignerShortName": "Citrix", "dateReserved": "2023-07-05T22:22:26.251Z", "datePublished": "2023-07-19T17:51:39.739Z", "dateUpdated": "2024-08-02T06:55:03.597Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "NetScaler ADC\u202f", "vendor": "Citrix", "versions": [{"lessThan": "49.13", "status": "affected", "version": "13.1", "versionType": "patch"}, {"lessThan": "91.13", "status": "affected", "version": "13.0", "versionType": "patch"}, {"lessThan": "37.159", "status": "affected", "version": "13.1-FIPS", "versionType": "patch"}, {"lessThan": "55.297", "status": "affected", "version": "12.1-FIPS", "versionType": "patch"}, {"lessThan": "55.297", "status": "affected", "version": "12.1-NDcPP", "versionType": "patch"}]}, {"defaultStatus": "unaffected", "product": "NetScaler Gateway", "vendor": "Citrix", "versions": [{"lessThan": "49.13", "status": "affected", "version": "13.1", "versionType": "patch"}, {"lessThan": "91.13", "status": "affected", "version": "13.0", "versionType": "patch"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Unauthenticated remote code execution</span><br>"}], "value": "Unauthenticated remote code execution\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "shortName": "Citrix", "dateUpdated": "2023-07-19T17:51:39.739Z"}, "references": [{"url": "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467"}, {"url": "http://packetstormsecurity.com/files/173997/Citrix-ADC-NetScaler-Remote-Code-Execution.html"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:55:03.597Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/173997/Citrix-ADC-NetScaler-Remote-Code-Execution.html", "tags": ["x_transferred"]}]}]}}

{"cisaActionDue": "2023-08-09", "cisaExploitAdd": "2023-07-19", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*", "matchCriteriaId": "8927B2FA-F87E-4D81-AC29-9032184ECB7E", "versionEndExcluding": "12.1-55.297", "versionStartIncluding": "12.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*", "matchCriteriaId": "9845E7B1-5604-497D-8241-048E91987C13", "versionEndExcluding": "12.1-55.297", "versionStartIncluding": "12.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", "matchCriteriaId": "AD949674-8DC1-4B0D-8C0C-F593539E12F1", "versionEndExcluding": "13.0-91.13", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*", "matchCriteriaId": "BD0739E3-F7A4-463C-96B0-9D7BDBF218C4", "versionEndExcluding": "13.1-37.159", "versionStartIncluding": "13.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", "matchCriteriaId": "FCEED8AC-F9A9-4F75-BB32-F53967A8E9A0", "versionEndExcluding": "13.1-49.13", "versionStartIncluding": "13.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:11.1-65.22:*:*:*:fips:*:*:*", "matchCriteriaId": "102C0D0F-AC37-43B0-8B9A-103B37436130", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC825A83-8D84-42C7-868F-0470FF79D497", "versionEndExcluding": "13.0-91.13", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "442F6925-199D-4E5B-84C1-05C4D8108B62", "versionEndExcluding": "13.1-49.13", "versionStartIncluding": "13.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unauthenticated remote code execution\n"}], "id": "CVE-2023-3519", "lastModified": "2024-06-27T18:53:09.067", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "secure@citrix.com", "type": "Secondary"}]}, "published": "2023-07-19T18:15:11.513", "references": [{"source": "secure@citrix.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/173997/Citrix-ADC-NetScaler-Remote-Code-Execution.html"}, {"source": "secure@citrix.com", "tags": ["Vendor Advisory"], "url": "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467"}], "sourceIdentifier": "secure@citrix.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "secure@citrix.com", "type": "Secondary"}]}