CVE-2023-6548 Vulnerability Details

CVE-2023-6548 Metadata Quick Info

CVE Published: 17/01/2024 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: Citrix | Vendor: Cloud Software Group | Product: NetScaler ADC 
Status: PUBLISHED

CVE-2023-6548 Description

Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.

Metrics

CVSS Version: 3.1 | Base Score: 5.5 MEDIUM
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

➤ Exploitability Metrics:
    Attack Vector (AV): ADJACENT_NETWORK
    Attack Complexity (AC): LOW
    Privileges Required (PR): LOW
    User Interaction (UI): NONE
    Scope (S): UNCHANGED

➤ Impact Metrics:
    Confidentiality Impact (C): LOW
    Integrity Impact (I): LOW
    Availability Impact (A): LOW

Weakness Enumeration (CWE)

CWE-ID: CWE-94
CWE Name: CWE-94 Improper Control of Generation of Code ('Code Injection')
Source: Cloud Software Group

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).