PT-2024-1120 · Citrix · Citrix Netscaler Gateway+1
Published
2024-01-16
·
Updated
2024-12-30
·
CVE-2023-6548
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Citrix NetScaler ADC and NetScaler Gateway (affected versions not specified)
Description
The issue is related to improper control of generation of code, also known as 'Code Injection', in Citrix NetScaler ADC and NetScaler Gateway. This allows an attacker with access to NSIP, CLIP, or SNIP with management interface to perform authenticated remote code execution on the Management Interface. The vulnerability can be exploited by an attacker to execute arbitrary code. It is reported that there are approximately 185,915 potentially affected devices, mainly distributed in the United States, Germany, and other countries.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Citrix Netscaler Adc
Citrix Netscaler Gateway