CVE-2023-6548

Summary

Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.

Affected Software

VendorProductVersion RangeStatus
Cloud Software GroupNetScaler ADC14.1 < 12.35affected
Cloud Software GroupNetScaler ADC13.1 < 51.15affected
Cloud Software GroupNetScaler ADC13.0 < 92.21affected
Cloud Software GroupNetScaler ADC13.1-FIPS < 37.176affected
Cloud Software GroupNetScaler ADC12.1-FIPS < 55.302affected
Cloud Software GroupNetScaler ADC12.1-NDcPP < 55.302affected
Cloud Software GroupNetScaler Gateway14.1 < 12.35affected
Cloud Software GroupNetScaler Gateway13.1 < 51.15affected
Cloud Software GroupNetScaler Gateway13.0 < 92.21affected

Weaknesses

  • CWE-94: CWE-94 Improper Control of Generation of Code ('Code Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

CVE Program Container

Additional References

References