CVE-2023-6548
5.5
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cloud Software Group | NetScaler ADC | 14.1 < 12.35 | affected |
| Cloud Software Group | NetScaler ADC | 13.1 < 51.15 | affected |
| Cloud Software Group | NetScaler ADC | 13.0 < 92.21 | affected |
| Cloud Software Group | NetScaler ADC | 13.1-FIPS < 37.176 | affected |
| Cloud Software Group | NetScaler ADC | 12.1-FIPS < 55.302 | affected |
| Cloud Software Group | NetScaler ADC | 12.1-NDcPP < 55.302 | affected |
| Cloud Software Group | NetScaler Gateway | 14.1 < 12.35 | affected |
| Cloud Software Group | NetScaler Gateway | 13.1 < 51.15 | affected |
| Cloud Software Group | NetScaler Gateway | 13.0 < 92.21 | affected |
Weaknesses
- CWE-94: CWE-94 Improper Control of Generation of Code ('Code Injection')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: no
- Technical Impact: total
Additional References
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.