Multiple vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2023-6548 CVE-2023-6549 |
| CWE-ID | CWE-94 CWE-119 |
| Exploitation vector | Network |
| Public exploit |
Vulnerability #1 is being exploited in the wild. Vulnerability #2 is being exploited in the wild. |
| Vulnerable software Subscribe |
Citrix Netscaler ADC Client/Desktop applications / Software for system administration Citrix NetScaler Gateway Server applications / Application servers |
| Vendor |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Code Injection
EUVDB-ID: #VU85435
Risk: High
CVSSv3.1: 6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C]
CVE-ID: CVE-2023-6548
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation within the management interface. A remote authenticated user can send a specially crafted request to the application and execute arbitrary code on the target system.
Note, the vulnerability is being actively exploited in the wild.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCitrix Netscaler ADC: before 14.1-12.35
Citrix NetScaler Gateway: before 14.1-12.35
External linkshttp://support.citrix.com/article/CTX584986
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
2) Buffer overflow
EUVDB-ID: #VU85436
Risk: High
CVSSv3.1: 7.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2023-6549
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error. A remote attacker can send specially crated packets to the system, trigger memory corruption and perform a denial of service (DoS) attack.
Successful exploitation of this vulnerability requires that the device is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAAvirtualserver.
Note, the vulnerability is being actively exploited in the wild.
Install updates from vendor's website.
Vulnerable software versionsCitrix Netscaler ADC: before 14.1-12.35
Citrix NetScaler Gateway: before 14.1-12.35
External linkshttp://support.citrix.com/article/CTX584986
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
