Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability

Added Jan. 17, 2024 • Due Jan. 24, 2024 • CVE-2023-6548

Overdue Citrix / NetScaler ADC and NetScaler Gateway CWE-94

Description

Citrix NetScaler ADC and NetScaler Gateway contain a code injection vulnerability that allows for authenticated remote code execution on the management interface with access to NSIP, CLIP, or SNIP.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

References

https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549
https://nvd.nist.gov/vuln/detail/CVE-2023-6548

Additional Information

Catalog Version: 2025.01.24
Catalog Released: Jan. 24, 2025
Days Until Due: 0 days
Last Updated: 5 months ago