CVE-2023-6549 - OpenCVE

Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Citrix	Netscaler Application Delivery Controller Netscaler Gateway

Configuration 1 [-]

OR	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::fips:::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::ndcpp:::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::-:::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::fips:::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::-:::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::-:::*
	cpe:2.3:a:citrix:netscaler_gateway::::::::
	cpe:2.3:a:citrix:netscaler_gateway::::::::
	cpe:2.3:a:citrix:netscaler_gateway::::::::

No data.

References

Link	Providers
https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549

History

No history.

MITRE

Status: PUBLISHED

Assigner: Citrix

Published: 2024-01-17T20:15:53.345Z

Updated: 2024-08-02T08:35:13.934Z

Reserved: 2023-12-06T11:01:58.256Z

Link: CVE-2023-6549

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2024-01-17T21:15:11.690

Modified: 2024-06-10T16:27:52.507

Link: CVE-2023-6549

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6549", "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "state": "PUBLISHED", "assignerShortName": "Citrix", "dateReserved": "2023-12-06T11:01:58.256Z", "datePublished": "2024-01-17T20:15:53.345Z", "dateUpdated": "2024-08-02T08:35:13.934Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "NetScaler ADC\u202f", "vendor": "Cloud Software Group", "versions": [{"lessThan": "12.35", "status": "affected", "version": "14.1", "versionType": "patch"}, {"lessThan": "51.15", "status": "affected", "version": "13.1", "versionType": "patch"}, {"lessThan": "92.21", "status": "affected", "version": "13.0 ", "versionType": "patch"}, {"lessThan": "37.176", "status": "affected", "version": " 13.1-FIPS", "versionType": "patch"}, {"lessThan": "55.302", "status": "affected", "version": "12.1-FIPS", "versionType": "patch"}, {"lessThan": "55.302", "status": "affected", "version": "12.1-NDcPP", "versionType": "patch"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\"><b><span style=\"background-color: rgb(255, 255, 255);\">Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and </span></b><span style=\"background-color: rgb(255, 255, 255);\"><b>Out-Of-Bounds Memory Read</b></span></span><br>"}], "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and\u00a0Out-Of-Bounds Memory Read\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "shortName": "Citrix", "dateUpdated": "2024-05-10T17:29:28.138Z"}, "references": [{"url": "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:35:13.934Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549", "tags": ["x_transferred"]}]}]}}

{"cisaActionDue": "2024-02-07", "cisaExploitAdd": "2024-01-17", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*", "matchCriteriaId": "E5672003-8E6B-4316-B5C9-FE436080ADD1", "versionEndExcluding": "12.1-55.302", "versionStartIncluding": "12.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*", "matchCriteriaId": "D1A11ABD-4F45-4BA9-B30B-F1D8A612CC15", "versionEndExcluding": "12.1-55.302", "versionStartIncluding": "12.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", "matchCriteriaId": "FC0A5AAC-62DD-416A-A801-A7A95D5EF73C", "versionEndExcluding": "13.0-92.21", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*", "matchCriteriaId": "8C8A6B95-8338-4EE7-A6EC-7D84AEDC4AF3", "versionEndExcluding": "13.1-37.176", "versionStartIncluding": "13.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", "matchCriteriaId": "3CF77D9D-FC89-493D-B97D-F9699D182F54", "versionEndExcluding": "13.1-51.15", "versionStartIncluding": "13.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", "matchCriteriaId": "62CD82CF-9013-4E54-B175-19B804A351AA", "versionEndExcluding": "14.1-12.35", "versionStartIncluding": "14.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "68E1F810-ABCD-40A7-A8C1-4E8727799C7C", "versionEndExcluding": "13.0-92.21", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "E870C309-D5CD-4181-9DEB-4833DE2EAEB7", "versionEndExcluding": "13.1-51.15", "versionStartIncluding": "13.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "2836707F-A36F-479E-BFDC-CF55AEFC37EE", "versionEndExcluding": "14.1-12.35", "versionStartIncluding": "14.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and\u00a0Out-Of-Bounds Memory Read\n"}, {"lang": "es", "value": "La restricci\u00f3n inadecuada de las operaciones dentro de los l\u00edmites de un b\u00fafer de memoria en NetScaler ADC y NetScaler Gateway permite una denegaci\u00f3n de servicio no autenticada"}], "id": "CVE-2023-6549", "lastModified": "2024-06-10T16:27:52.507", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "secure@citrix.com", "type": "Secondary"}]}, "published": "2024-01-17T21:15:11.690", "references": [{"source": "secure@citrix.com", "tags": ["Vendor Advisory"], "url": "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549"}], "sourceIdentifier": "secure@citrix.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-119"}], "source": "secure@citrix.com", "type": "Secondary"}]}