CVE-2023-6548 - OpenCVE

Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Citrix	Netscaler Application Delivery Controller Netscaler Gateway

Configuration 1 [-]

OR	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::fips:::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::ndcpp:::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::-:::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::fips:::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::-:::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::-:::*
	cpe:2.3:a:citrix:netscaler_gateway::::::::
	cpe:2.3:a:citrix:netscaler_gateway::::::::
	cpe:2.3:a:citrix:netscaler_gateway::::::::

No data.

References

Link	Providers
https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549

History

No history.

MITRE

Status: PUBLISHED

Assigner: Citrix

Published: 2024-01-17T20:11:18.462Z

Updated: 2024-08-02T08:35:14.029Z

Reserved: 2023-12-06T11:01:54.643Z

Link: CVE-2023-6548

Vulnrichment

Updated: 2024-08-02T08:35:14.029Z

NVD

Status : Analyzed

Published: 2024-01-17T20:15:50.627

Modified: 2024-01-25T16:45:58.287

Link: CVE-2023-6548

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6548", "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "state": "PUBLISHED", "assignerShortName": "Citrix", "dateReserved": "2023-12-06T11:01:54.643Z", "datePublished": "2024-01-17T20:11:18.462Z", "dateUpdated": "2024-08-02T08:35:14.029Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "NetScaler ADC\u202f", "vendor": "Cloud Software Group", "versions": [{"lessThan": "12.35", "status": "affected", "version": "14.1", "versionType": "patch"}, {"lessThan": "51.15", "status": "affected", "version": "13.1", "versionType": "patch"}, {"lessThan": "92.21", "status": "affected", "version": "13.0 ", "versionType": "patch"}, {"lessThan": "37.176", "status": "affected", "version": " 13.1-FIPS", "versionType": "patch"}, {"lessThan": "55.302", "status": "affected", "version": "12.1-FIPS", "versionType": "patch"}, {"lessThan": "55.302", "status": "affected", "version": "12.1-NDcPP", "versionType": "patch"}]}, {"defaultStatus": "unaffected", "product": "NetScaler Gateway", "vendor": "Cloud Software Group", "versions": [{"lessThan": "12.35", "status": "affected", "version": "14.1", "versionType": "patch"}, {"lessThan": "51.15", "status": "affected", "version": "13.1", "versionType": "patch"}, {"lessThan": "92.21", "status": "affected", "version": "13.0", "versionType": "patch"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway <span style=\"background-color: rgb(255, 255, 255);\">allows an attacker with<span style=\"background-color: rgb(255, 255, 255);\"> access</span><span style=\"background-color: rgb(255, 255, 255);\"> to NSIP, CLIP or SNIP with management interface to perform</span> <span style=\"background-color: rgb(255, 255, 255);\">Authenticated (low privileged) remote code execution on Management Interface.</span></span></span>"}], "value": "Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway\u00a0allows an attacker with\u00a0access\u00a0to NSIP, CLIP or SNIP with management interface to perform\u00a0Authenticated (low privileged) remote code execution on Management Interface."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "shortName": "Citrix", "dateUpdated": "2024-01-18T01:12:54.917Z"}, "references": [{"url": "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "citrix", "product": "netscaler_application_delivery_controller", "cpes": ["cpe:2.3:a:citrix:netscaler_application_delivery_controller:14.1:*:*:*:-:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "14.1", "status": "affected", "lessThan": "14.1-12.35", "versionType": "custom"}]}, {"vendor": "citrix", "product": "netscaler_application_delivery_controller", "cpes": ["cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1:*:*:*:-:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "13.1", "status": "affected", "lessThan": "13.1-51.15", "versionType": "custom"}]}, {"vendor": "citrix", "product": "netscaler_application_delivery_controller", "cpes": ["cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.0:*:*:*:-:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "13.0", "status": "affected", "lessThan": "13.0-92.21", "versionType": "custom"}]}, {"vendor": "citrix", "product": "netscaler_application_delivery_controller", "cpes": ["cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1:*:*:*:fips:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "13.1", "status": "affected", "lessThan": "13.1-37.176", "versionType": "custom"}]}, {"vendor": "citrix", "product": "netscaler_application_delivery_controller", "cpes": ["cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.1:*:*:*:fips:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "12.1", "status": "affected", "lessThan": "12.1-55.302", "versionType": "custom"}]}, {"vendor": "citrix", "product": "netscaler_application_delivery_controller", "cpes": ["cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.1:*:*:*:ndcpp:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "12.1", "status": "affected", "lessThan": "12.1-55.302", "versionType": "custom"}]}, {"vendor": "citrix", "product": "netscaler_gateway", "cpes": ["cpe:2.3:a:citrix:netscaler_gateway:14.1:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "14.1", "status": "affected", "lessThan": "14.1-12.35", "versionType": "custom"}]}, {"vendor": "citrix", "product": "netscaler_gateway", "cpes": ["cpe:2.3:a:citrix:netscaler_gateway:13.1:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "13.1", "status": "affected", "lessThan": "13.1-51.15", "versionType": "custom"}]}, {"vendor": "citrix", "product": "netscaler_gateway", "cpes": ["cpe:2.3:a:citrix:netscaler_gateway:13.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "13.0", "status": "affected", "lessThan": "13.0-92.21", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-01-18T14:00:57.375485Z", "id": "CVE-2023-6548", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2024-01-17", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-6548"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-25T17:14:26.335Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:35:14.029Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:35:14.029Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-6548", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-01-18T14:00:57.375485Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2024-01-17", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-6548"}}}], "affected": [{"cpes": ["cpe:2.3:a:citrix:netscaler_application_delivery_controller:14.1:*:*:*:-:*:*:*"], "vendor": "citrix", "product": "netscaler_application_delivery_controller", "versions": [{"status": "affected", "version": "14.1", "lessThan": "14.1-12.35", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1:*:*:*:-:*:*:*"], "vendor": "citrix", "product": "netscaler_application_delivery_controller", "versions": [{"status": "affected", "version": "13.1", "lessThan": "13.1-51.15", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.0:*:*:*:-:*:*:*"], "vendor": "citrix", "product": "netscaler_application_delivery_controller", "versions": [{"status": "affected", "version": "13.0", "lessThan": "13.0-92.21", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1:*:*:*:fips:*:*:*"], "vendor": "citrix", "product": "netscaler_application_delivery_controller", "versions": [{"status": "affected", "version": "13.1", "lessThan": "13.1-37.176", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.1:*:*:*:fips:*:*:*"], "vendor": "citrix", "product": "netscaler_application_delivery_controller", "versions": [{"status": "affected", "version": "12.1", "lessThan": "12.1-55.302", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.1:*:*:*:ndcpp:*:*:*"], "vendor": "citrix", "product": "netscaler_application_delivery_controller", "versions": [{"status": "affected", "version": "12.1", "lessThan": "12.1-55.302", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:citrix:netscaler_gateway:14.1:*:*:*:*:*:*:*"], "vendor": "citrix", "product": "netscaler_gateway", "versions": [{"status": "affected", "version": "14.1", "lessThan": "14.1-12.35", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:citrix:netscaler_gateway:13.1:*:*:*:*:*:*:*"], "vendor": "citrix", "product": "netscaler_gateway", "versions": [{"status": "affected", "version": "13.1", "lessThan": "13.1-51.15", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:citrix:netscaler_gateway:13.0:*:*:*:*:*:*:*"], "vendor": "citrix", "product": "netscaler_gateway", "versions": [{"status": "affected", "version": "13.0", "lessThan": "13.0-92.21", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-25T17:09:55.566Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Cloud Software Group", "product": "NetScaler ADC\u202f", "versions": [{"status": "affected", "version": "14.1", "lessThan": "12.35", "versionType": "patch"}, {"status": "affected", "version": "13.1", "lessThan": "51.15", "versionType": "patch"}, {"status": "affected", "version": "13.0 ", "lessThan": "92.21", "versionType": "patch"}, {"status": "affected", "version": " 13.1-FIPS", "lessThan": "37.176", "versionType": "patch"}, {"status": "affected", "version": "12.1-FIPS", "lessThan": "55.302", "versionType": "patch"}, {"status": "affected", "version": "12.1-NDcPP", "lessThan": "55.302", "versionType": "patch"}], "defaultStatus": "unaffected"}, {"vendor": "Cloud Software Group", "product": "NetScaler Gateway", "versions": [{"status": "affected", "version": "14.1", "lessThan": "12.35", "versionType": "patch"}, {"status": "affected", "version": "13.1", "lessThan": "51.15", "versionType": "patch"}, {"status": "affected", "version": "13.0", "lessThan": "92.21", "versionType": "patch"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway\u00a0allows an attacker with\u00a0access\u00a0to NSIP, CLIP or SNIP with management interface to perform\u00a0Authenticated (low privileged) remote code execution on Management Interface.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway <span style=\"background-color: rgb(255, 255, 255);\">allows an attacker with<span style=\"background-color: rgb(255, 255, 255);\"> access</span><span style=\"background-color: rgb(255, 255, 255);\"> to NSIP, CLIP or SNIP with management interface to perform</span> <span style=\"background-color: rgb(255, 255, 255);\">Authenticated (low privileged) remote code execution on Management Interface.</span></span></span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "shortName": "Citrix", "dateUpdated": "2024-01-18T01:12:54.917Z"}}}, "cveMetadata": {"cveId": "CVE-2023-6548", "state": "PUBLISHED", "dateUpdated": "2024-08-02T08:35:14.029Z", "dateReserved": "2023-12-06T11:01:54.643Z", "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "datePublished": "2024-01-17T20:11:18.462Z", "assignerShortName": "Citrix"}, "dataVersion": "5.1"}

{"cisaActionDue": "2024-01-24", "cisaExploitAdd": "2024-01-17", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*", "matchCriteriaId": "E5672003-8E6B-4316-B5C9-FE436080ADD1", "versionEndExcluding": "12.1-55.302", "versionStartIncluding": "12.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*", "matchCriteriaId": "D1A11ABD-4F45-4BA9-B30B-F1D8A612CC15", "versionEndExcluding": "12.1-55.302", "versionStartIncluding": "12.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", "matchCriteriaId": "FC0A5AAC-62DD-416A-A801-A7A95D5EF73C", "versionEndExcluding": "13.0-92.21", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*", "matchCriteriaId": "8C8A6B95-8338-4EE7-A6EC-7D84AEDC4AF3", "versionEndExcluding": "13.1-37.176", "versionStartIncluding": "13.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", "matchCriteriaId": "3CF77D9D-FC89-493D-B97D-F9699D182F54", "versionEndExcluding": "13.1-51.15", "versionStartIncluding": "13.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", "matchCriteriaId": "62CD82CF-9013-4E54-B175-19B804A351AA", "versionEndExcluding": "14.1-12.35", "versionStartIncluding": "14.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "68E1F810-ABCD-40A7-A8C1-4E8727799C7C", "versionEndExcluding": "13.0-92.21", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "E870C309-D5CD-4181-9DEB-4833DE2EAEB7", "versionEndExcluding": "13.1-51.15", "versionStartIncluding": "13.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "2836707F-A36F-479E-BFDC-CF55AEFC37EE", "versionEndExcluding": "14.1-12.35", "versionStartIncluding": "14.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway\u00a0allows an attacker with\u00a0access\u00a0to NSIP, CLIP or SNIP with management interface to perform\u00a0Authenticated (low privileged) remote code execution on Management Interface."}, {"lang": "es", "value": "El control inadecuado de la generaci\u00f3n de c\u00f3digo (\"inyecci\u00f3n de c\u00f3digo\") en NetScaler ADC y NetScaler Gateway permite a un atacante con acceso a NSIP, CLIP o SNIP con interfaz de administraci\u00f3n realizar una ejecuci\u00f3n remota de c\u00f3digo autenticado (con privilegios bajos) en Management Interface."}], "id": "CVE-2023-6548", "lastModified": "2024-01-25T16:45:58.287", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.4, "source": "secure@citrix.com", "type": "Secondary"}]}, "published": "2024-01-17T20:15:50.627", "references": [{"source": "secure@citrix.com", "tags": ["Vendor Advisory"], "url": "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549"}], "sourceIdentifier": "secure@citrix.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "secure@citrix.com", "type": "Secondary"}]}