Multiple vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway



| Updated: 2024-01-17
Risk High
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2023-6548
CVE-2023-6549
CWE-ID CWE-94
CWE-119
Exploitation vector Network
Public exploit Vulnerability #1 is being exploited in the wild.
Vulnerability #2 is being exploited in the wild.
Vulnerable software
Citrix Netscaler ADC
Client/Desktop applications / Software for system administration

Citrix NetScaler Gateway
Server applications / Application servers

Vendor Citrix

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Code Injection

EUVDB-ID: #VU85435

Risk: High

CVSSv3.1: 6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C]

CVE-ID: CVE-2023-6548

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation within the management interface. A remote authenticated user can send a specially crafted request to the application and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Citrix Netscaler ADC: before 12.1-55.302

Citrix NetScaler Gateway: before 13.0-92.21

CPE2.3 External links

http://support.citrix.com/article/CTX584986


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

2) Buffer overflow

EUVDB-ID: #VU85436

Risk: High

CVSSv3.1: 7.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2023-6549

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error. A remote attacker can send specially crated packets to the system, trigger memory corruption and perform a denial of service (DoS) attack.

Successful exploitation of this vulnerability requires that the device is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAAvirtualserver.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Citrix Netscaler ADC: before 12.1-55.302

Citrix NetScaler Gateway: before 13.0-92.21

CPE2.3 External links

http://support.citrix.com/article/CTX584986


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.



###SIDEBAR###