{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-6548","assignerOrgId":"e437aed5-38e0-4fa3-a98b-cb73e7acaec6","state":"PUBLISHED","assignerShortName":"Citrix","dateReserved":"2023-12-06T11:01:54.643Z","datePublished":"2024-01-17T20:11:18.462Z","dateUpdated":"2025-10-21T23:05:28.157Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"NetScaler ADC","vendor":"Cloud Software Group","versions":[{"lessThan":"12.35","status":"affected","version":"14.1","versionType":"patch"},{"lessThan":"51.15","status":"affected","version":"13.1","versionType":"patch"},{"lessThan":"92.21","status":"affected","version":"13.0","versionType":"patch"},{"lessThan":"37.176","status":"affected","version":"13.1-FIPS","versionType":"patch"},{"lessThan":"55.302","status":"affected","version":"12.1-FIPS","versionType":"patch"},{"lessThan":"55.302","status":"affected","version":"12.1-NDcPP","versionType":"patch"}]},{"defaultStatus":"unaffected","product":"NetScaler Gateway","vendor":"Cloud Software Group","versions":[{"lessThan":"12.35","status":"affected","version":"14.1","versionType":"patch"},{"lessThan":"51.15","status":"affected","version":"13.1","versionType":"patch"},{"lessThan":"92.21","status":"affected","version":"13.0","versionType":"patch"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: rgb(255, 255, 255);\">Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">allows an attacker with<span style=\"background-color: rgb(255, 255, 255);\">&nbsp;access</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;to NSIP, CLIP or SNIP with management interface to perform</span>&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">Authenticated (low privileged) remote code execution on Management Interface.</span></span></span>"}],"value":"Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"LOW","baseScore":5.5,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-94","description":"CWE-94 Improper Control of Generation of Code ('Code Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"e437aed5-38e0-4fa3-a98b-cb73e7acaec6","shortName":"Citrix","dateUpdated":"2024-01-18T01:12:54.917Z"},"references":[{"url":"https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2023-6548","role":"CISA Coordinator","options":[{"Exploitation":"active"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2024-01-18T14:00:57.375485Z"}}},{"other":{"type":"kev","content":{"dateAdded":"2024-01-17","reference":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-6548"}}}],"affected":[{"cpes":["cpe:2.3:a:citrix:netscaler_application_delivery_controller:14.1:*:*:*:-:*:*:*"],"vendor":"citrix","product":"netscaler_application_delivery_controller","versions":[{"status":"affected","version":"14.1","lessThan":"14.1-12.35","versionType":"custom"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1:*:*:*:-:*:*:*"],"vendor":"citrix","product":"netscaler_application_delivery_controller","versions":[{"status":"affected","version":"13.1","lessThan":"13.1-51.15","versionType":"custom"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.0:*:*:*:-:*:*:*"],"vendor":"citrix","product":"netscaler_application_delivery_controller","versions":[{"status":"affected","version":"13.0","lessThan":"13.0-92.21","versionType":"custom"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1:*:*:*:fips:*:*:*"],"vendor":"citrix","product":"netscaler_application_delivery_controller","versions":[{"status":"affected","version":"13.1","lessThan":"13.1-37.176","versionType":"custom"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.1:*:*:*:fips:*:*:*"],"vendor":"citrix","product":"netscaler_application_delivery_controller","versions":[{"status":"affected","version":"12.1","lessThan":"12.1-55.302","versionType":"custom"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.1:*:*:*:ndcpp:*:*:*"],"vendor":"citrix","product":"netscaler_application_delivery_controller","versions":[{"status":"affected","version":"12.1","lessThan":"12.1-55.302","versionType":"custom"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:citrix:netscaler_gateway:14.1:*:*:*:*:*:*:*"],"vendor":"citrix","product":"netscaler_gateway","versions":[{"status":"affected","version":"14.1","lessThan":"14.1-12.35","versionType":"custom"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:citrix:netscaler_gateway:13.1:*:*:*:*:*:*:*"],"vendor":"citrix","product":"netscaler_gateway","versions":[{"status":"affected","version":"13.1","lessThan":"13.1-51.15","versionType":"custom"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:citrix:netscaler_gateway:13.0:*:*:*:*:*:*:*"],"vendor":"citrix","product":"netscaler_gateway","versions":[{"status":"affected","version":"13.0","lessThan":"13.0-92.21","versionType":"custom"}],"defaultStatus":"unknown"}],"references":[{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-6548","tags":["government-resource"]}],"timeline":[{"time":"2024-01-17T00:00:00.000Z","lang":"en","value":"CVE-2023-6548 added to CISA KEV"}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-21T23:05:28.157Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T08:35:14.029Z"},"title":"CVE Program Container","references":[{"url":"https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549","tags":["x_transferred"]}]}]}}