VIR Vulnerability Intelligence Relay

CVE-2023-6548

unknown KEV
Published 2024-01-17 · Modified 2024-01-17
CVSS v3
CVSS v2
VIR risk
1.5

Description

Citrix NetScaler ADC and NetScaler Gateway contain a code injection vulnerability that allows for authenticated remote code execution on the management interface with access to NSIP, CLIP, or SNIP.

CISA KEV

Vendor
Citrix
Product
NetScaler ADC and NetScaler Gateway
Due date
2024-01-24

Predictions

Exploit likelihood
99%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cisa-kev — https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549; https://nvd.nist.gov/vuln/detail/CVE-2023-6548

Exploits

References

Verify integrity in audit chain (admin only). AS-IS.