[CVE-2023-6548] Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability

CISA KEV 정보

취약점명	Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability
설명	Citrix NetScaler ADC and NetScaler Gateway contain a code injection vulnerability that allows for authenticated remote code execution on the management interface with access to NSIP, CLIP, or SNIP.
조치사항	Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
랜섬웨어 캠페인 악용	Unknown
CWE	CWE-94
등록일 (KEV)	2024-01-17
조치 기한	2024-01-24
추가 참고	https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549; https://nvd.nist.gov/vuln/detail/CVE-2023-6548

NVD 상세 정보

CVSS v3.1: 5.5 MEDIUMCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

설명: Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.

CWE: CWE-94 | CWE-94

참조

https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549 [Vendor Advisory]
https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549 [Vendor Advisory]
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-6548 [US Government Resource]

This product uses the NVD API but is not endorsed or certified by the NVD.

바로 가기

[CVE-2023-6548] Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability

CISA KEV 정보

NVD 상세 정보

참조

IT 도구 서랍