CVE-2023-6548 - OpenCVE

Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Citrix	Netscaler Gateway Netscaler Application Delivery Controller

Configuration 1 [-]

OR	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::fips:::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::ndcpp:::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::-:::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::fips:::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::-:::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::-:::*
	cpe:2.3:a:citrix:netscaler_gateway::::::::
	cpe:2.3:a:citrix:netscaler_gateway::::::::
	cpe:2.3:a:citrix:netscaler_gateway::::::::

References

Link	Resource
https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Citrix

Published: 2024-01-17T20:11:18.462Z

Updated: 2024-06-25T17:14:26.335Z

Reserved: 2023-12-06T11:01:54.643Z

Link: CVE-2023-6548

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-01-17T20:15:50.627

Modified: 2024-01-25T16:45:58.287

Link: CVE-2023-6548

JSON object: View

Redhat Information

No data.

CWE

CWE-94

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6548", "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "state": "PUBLISHED", "assignerShortName": "Citrix", "dateReserved": "2023-12-06T11:01:54.643Z", "datePublished": "2024-01-17T20:11:18.462Z", "dateUpdated": "2024-06-25T17:14:26.335Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "NetScaler ADC\u202f", "vendor": "Cloud Software Group", "versions": [{"lessThan": "12.35", "status": "affected", "version": "14.1", "versionType": "patch"}, {"lessThan": "51.15", "status": "affected", "version": "13.1", "versionType": "patch"}, {"lessThan": "92.21", "status": "affected", "version": "13.0 ", "versionType": "patch"}, {"lessThan": "37.176", "status": "affected", "version": " 13.1-FIPS", "versionType": "patch"}, {"lessThan": "55.302", "status": "affected", "version": "12.1-FIPS", "versionType": "patch"}, {"lessThan": "55.302", "status": "affected", "version": "12.1-NDcPP", "versionType": "patch"}]}, {"defaultStatus": "unaffected", "product": "NetScaler Gateway", "vendor": "Cloud Software Group", "versions": [{"lessThan": "12.35", "status": "affected", "version": "14.1", "versionType": "patch"}, {"lessThan": "51.15", "status": "affected", "version": "13.1", "versionType": "patch"}, {"lessThan": "92.21", "status": "affected", "version": "13.0", "versionType": "patch"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway <span style=\"background-color: rgb(255, 255, 255);\">allows an attacker with<span style=\"background-color: rgb(255, 255, 255);\"> access</span><span style=\"background-color: rgb(255, 255, 255);\"> to NSIP, CLIP or SNIP with management interface to perform</span> <span style=\"background-color: rgb(255, 255, 255);\">Authenticated (low privileged) remote code execution on Management Interface.</span></span></span>"}], "value": "Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway\u00a0allows an attacker with\u00a0access\u00a0to NSIP, CLIP or SNIP with management interface to perform\u00a0Authenticated (low privileged) remote code execution on Management Interface."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "shortName": "Citrix", "dateUpdated": "2024-01-18T01:12:54.917Z"}, "references": [{"url": "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "citrix", "product": "netscaler_application_delivery_controller", "cpes": ["cpe:2.3:a:citrix:netscaler_application_delivery_controller:14.1:*:*:*:-:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "14.1", "status": "affected", "lessThan": "14.1-12.35", "versionType": "custom"}]}, {"vendor": "citrix", "product": "netscaler_application_delivery_controller", "cpes": ["cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1:*:*:*:-:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "13.1", "status": "affected", "lessThan": "13.1-51.15", "versionType": "custom"}]}, {"vendor": "citrix", "product": "netscaler_application_delivery_controller", "cpes": ["cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.0:*:*:*:-:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "13.0", "status": "affected", "lessThan": "13.0-92.21", "versionType": "custom"}]}, {"vendor": "citrix", "product": "netscaler_application_delivery_controller", "cpes": ["cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1:*:*:*:fips:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "13.1", "status": "affected", "lessThan": "13.1-37.176", "versionType": "custom"}]}, {"vendor": "citrix", "product": "netscaler_application_delivery_controller", "cpes": ["cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.1:*:*:*:fips:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "12.1", "status": "affected", "lessThan": "12.1-55.302", "versionType": "custom"}]}, {"vendor": "citrix", "product": "netscaler_application_delivery_controller", "cpes": ["cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.1:*:*:*:ndcpp:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "12.1", "status": "affected", "lessThan": "12.1-55.302", "versionType": "custom"}]}, {"vendor": "citrix", "product": "netscaler_gateway", "cpes": ["cpe:2.3:a:citrix:netscaler_gateway:14.1:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "14.1", "status": "affected", "lessThan": "14.1-12.35", "versionType": "custom"}]}, {"vendor": "citrix", "product": "netscaler_gateway", "cpes": ["cpe:2.3:a:citrix:netscaler_gateway:13.1:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "13.1", "status": "affected", "lessThan": "13.1-51.15", "versionType": "custom"}]}, {"vendor": "citrix", "product": "netscaler_gateway", "cpes": ["cpe:2.3:a:citrix:netscaler_gateway:13.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "13.0", "status": "affected", "lessThan": "13.0-92.21", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-01-18T14:00:57.375485Z", "id": "CVE-2023-6548", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2024-01-17", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-6548"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-25T17:14:26.335Z"}}]}}

{"cisaActionDue": "2024-01-24", "cisaExploitAdd": "2024-01-17", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*", "matchCriteriaId": "E5672003-8E6B-4316-B5C9-FE436080ADD1", "versionEndExcluding": "12.1-55.302", "versionStartIncluding": "12.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*", "matchCriteriaId": "D1A11ABD-4F45-4BA9-B30B-F1D8A612CC15", "versionEndExcluding": "12.1-55.302", "versionStartIncluding": "12.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", "matchCriteriaId": "FC0A5AAC-62DD-416A-A801-A7A95D5EF73C", "versionEndExcluding": "13.0-92.21", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*", "matchCriteriaId": "8C8A6B95-8338-4EE7-A6EC-7D84AEDC4AF3", "versionEndExcluding": "13.1-37.176", "versionStartIncluding": "13.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", "matchCriteriaId": "3CF77D9D-FC89-493D-B97D-F9699D182F54", "versionEndExcluding": "13.1-51.15", "versionStartIncluding": "13.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", "matchCriteriaId": "62CD82CF-9013-4E54-B175-19B804A351AA", "versionEndExcluding": "14.1-12.35", "versionStartIncluding": "14.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "68E1F810-ABCD-40A7-A8C1-4E8727799C7C", "versionEndExcluding": "13.0-92.21", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "E870C309-D5CD-4181-9DEB-4833DE2EAEB7", "versionEndExcluding": "13.1-51.15", "versionStartIncluding": "13.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "2836707F-A36F-479E-BFDC-CF55AEFC37EE", "versionEndExcluding": "14.1-12.35", "versionStartIncluding": "14.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway\u00a0allows an attacker with\u00a0access\u00a0to NSIP, CLIP or SNIP with management interface to perform\u00a0Authenticated (low privileged) remote code execution on Management Interface."}, {"lang": "es", "value": "El control inadecuado de la generaci\u00f3n de c\u00f3digo (\"inyecci\u00f3n de c\u00f3digo\") en NetScaler ADC y NetScaler Gateway permite a un atacante con acceso a NSIP, CLIP o SNIP con interfaz de administraci\u00f3n realizar una ejecuci\u00f3n remota de c\u00f3digo autenticado (con privilegios bajos) en Management Interface."}], "id": "CVE-2023-6548", "lastModified": "2024-01-25T16:45:58.287", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.4, "source": "secure@citrix.com", "type": "Secondary"}]}, "published": "2024-01-17T20:15:50.627", "references": [{"source": "secure@citrix.com", "tags": ["Vendor Advisory"], "url": "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549"}], "sourceIdentifier": "secure@citrix.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "secure@citrix.com", "type": "Secondary"}]}