cvelistv5 - CVE-2023-6549

CVE-2023-6549 (GCVE-0-2023-6549)

Vulnerability from cvelistv5

Published

2024-01-17 20:15

Modified

2025-10-21 23:05

Severity ?

8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CWE

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Summary

Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read

References

URL

	Vendor	Product	Version
	Cloud Software Group	NetScaler ADC	Version: 14.1 Version: 13.1 Version: 13.0 Version: 13.1-FIPS Version: 12.1-FIPS Version: 12.1-NDcPP

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2024-01-17

Due date: 2024-02-07

Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Used in ransomware: Unknown

Notes: https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549; https://nvd.nist.gov/vuln/detail/CVE-2023-6549

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:35:13.934Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-6549",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-31T05:00:20.477654Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-01-17",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-6549"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:05:27.936Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-6549"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2024-01-17T00:00:00+00:00",
            "value": "CVE-2023-6549 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "NetScaler ADC\u202f",
          "vendor": "Cloud Software Group",
          "versions": [
            {
              "lessThan": "12.35",
              "status": "affected",
              "version": "14.1",
              "versionType": "patch"
            },
            {
              "lessThan": "51.15",
              "status": "affected",
              "version": "13.1",
              "versionType": "patch"
            },
            {
              "lessThan": "92.21",
              "status": "affected",
              "version": "13.0 ",
              "versionType": "patch"
            },
            {
              "lessThan": "37.176",
              "status": "affected",
              "version": " 13.1-FIPS",
              "versionType": "patch"
            },
            {
              "lessThan": "55.302",
              "status": "affected",
              "version": "12.1-FIPS",
              "versionType": "patch"
            },
            {
              "lessThan": "55.302",
              "status": "affected",
              "version": "12.1-NDcPP",
              "versionType": "patch"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cb\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and\u0026nbsp;\u003c/span\u003e\u003c/b\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cb\u003eOut-Of-Bounds Memory Read\u003c/b\u003e\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and\u00a0Out-Of-Bounds Memory Read\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-10T17:29:28.138Z",
        "orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
        "shortName": "Citrix"
      },
      "references": [
        {
          "url": "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
    "assignerShortName": "Citrix",
    "cveId": "CVE-2023-6549",
    "datePublished": "2024-01-17T20:15:53.345Z",
    "dateReserved": "2023-12-06T11:01:58.256Z",
    "dateUpdated": "2025-10-21T23:05:27.936Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2023-6549",
      "cwes": "[\"CWE-119\"]",
      "dateAdded": "2024-01-17",
      "dueDate": "2024-02-07",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549;   https://nvd.nist.gov/vuln/detail/CVE-2023-6549",
      "product": "NetScaler ADC and NetScaler Gateway",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for a denial-of-service when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.",
      "vendorProject": "Citrix",
      "vulnerabilityName": "Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-6549\",\"sourceIdentifier\":\"secure@citrix.com\",\"published\":\"2024-01-17T21:15:11.690\",\"lastModified\":\"2025-10-24T13:42:40.103\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and\u00a0Out-Of-Bounds Memory Read\\n\"},{\"lang\":\"es\",\"value\":\"La restricci\u00f3n inadecuada de las operaciones dentro de los l\u00edmites de un b\u00fafer de memoria en NetScaler ADC y NetScaler Gateway permite una denegaci\u00f3n de servicio no autenticada\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@citrix.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":4.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"cisaExploitAdd\":\"2024-01-17\",\"cisaActionDue\":\"2024-02-07\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability\",\"weaknesses\":[{\"source\":\"secure@citrix.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*\",\"versionStartIncluding\":\"12.1\",\"versionEndExcluding\":\"12.1-55.302\",\"matchCriteriaId\":\"E5672003-8E6B-4316-B5C9-FE436080ADD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*\",\"versionStartIncluding\":\"12.1\",\"versionEndExcluding\":\"12.1-55.302\",\"matchCriteriaId\":\"D1A11ABD-4F45-4BA9-B30B-F1D8A612CC15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"13.0\",\"versionEndExcluding\":\"13.0-92.21\",\"matchCriteriaId\":\"FC0A5AAC-62DD-416A-A801-A7A95D5EF73C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*\",\"versionStartIncluding\":\"13.1\",\"versionEndExcluding\":\"13.1-37.176\",\"matchCriteriaId\":\"8C8A6B95-8338-4EE7-A6EC-7D84AEDC4AF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"13.1\",\"versionEndExcluding\":\"13.1-51.15\",\"matchCriteriaId\":\"3CF77D9D-FC89-493D-B97D-F9699D182F54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"14.1\",\"versionEndExcluding\":\"14.1-12.35\",\"matchCriteriaId\":\"62CD82CF-9013-4E54-B175-19B804A351AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0\",\"versionEndExcluding\":\"13.0-92.21\",\"matchCriteriaId\":\"68E1F810-ABCD-40A7-A8C1-4E8727799C7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1\",\"versionEndExcluding\":\"13.1-51.15\",\"matchCriteriaId\":\"E870C309-D5CD-4181-9DEB-4833DE2EAEB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1\",\"versionEndExcluding\":\"14.1-12.35\",\"matchCriteriaId\":\"2836707F-A36F-479E-BFDC-CF55AEFC37EE\"}]}]}],\"references\":[{\"url\":\"https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549\",\"source\":\"secure@citrix.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-6549\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"defaultStatus\": \"unaffected\", \"product\": \"NetScaler ADC\\u202f\", \"vendor\": \"Cloud Software Group\", \"versions\": [{\"lessThan\": \"12.35\", \"status\": \"affected\", \"version\": \"14.1\", \"versionType\": \"patch\"}, {\"lessThan\": \"51.15\", \"status\": \"affected\", \"version\": \"13.1\", \"versionType\": \"patch\"}, {\"lessThan\": \"92.21\", \"status\": \"affected\", \"version\": \"13.0 \", \"versionType\": \"patch\"}, {\"lessThan\": \"37.176\", \"status\": \"affected\", \"version\": \" 13.1-FIPS\", \"versionType\": \"patch\"}, {\"lessThan\": \"55.302\", \"status\": \"affected\", \"version\": \"12.1-FIPS\", \"versionType\": \"patch\"}, {\"lessThan\": \"55.302\", \"status\": \"affected\", \"version\": \"12.1-NDcPP\", \"versionType\": \"patch\"}]}], \"descriptions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u003cb\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eImproper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and\u0026nbsp;\u003c/span\u003e\u003c/b\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u003cb\u003eOut-Of-Bounds Memory Read\u003c/b\u003e\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e\"}], \"value\": \"Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and\\u00a0Out-Of-Bounds Memory Read\\n\"}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 8.2, \"baseSeverity\": \"HIGH\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H\", \"version\": \"3.1\"}, \"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-119\", \"description\": \"CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"orgId\": \"e437aed5-38e0-4fa3-a98b-cb73e7acaec6\", \"shortName\": \"Citrix\", \"dateUpdated\": \"2024-05-10T17:29:28.138Z\"}, \"references\": [{\"url\": \"https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549\"}], \"source\": {\"discovery\": \"UNKNOWN\"}, \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T08:35:13.934Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549\", \"tags\": [\"x_transferred\"]}]}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-6549\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-01-31T05:00:20.477654Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2024-01-17\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-6549\"}}}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-6549\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-03T16:25:24.879Z\"}, \"timeline\": [{\"time\": \"2024-01-17T00:00:00+00:00\", \"lang\": \"en\", \"value\": \"CVE-2023-6549 added to CISA KEV\"}], \"title\": \"CISA ADP Vulnrichment\"}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-6549\", \"assignerOrgId\": \"e437aed5-38e0-4fa3-a98b-cb73e7acaec6\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"Citrix\", \"dateReserved\": \"2023-12-06T11:01:58.256Z\", \"datePublished\": \"2024-01-17T20:15:53.345Z\", \"dateUpdated\": \"2025-10-21T19:45:16.531Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

gsd-2023-6549

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service

Aliases

CVE-2023-6549

Aliases

CVE-2023-6549

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-6549",
    "id": "GSD-2023-6549"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-6549"
      ],
      "details": "Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service \n",
      "id": "GSD-2023-6549",
      "modified": "2023-12-13T01:20:32.633258Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@citrix.com",
        "ID": "CVE-2023-6549",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "NetScaler ADC\u202f",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "14.1",
                          "version_value": "12.35"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "13.1",
                          "version_value": "51.15"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "13.0 ",
                          "version_value": "92.21"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": " 13.1-FIPS",
                          "version_value": "37.176"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "12.1-FIPS",
                          "version_value": "55.302"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "12.1-NDcPP",
                          "version_value": "55.302"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Cloud Software Group"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service \n"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-119",
                "lang": "eng",
                "value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549",
            "refsource": "MISC",
            "url": "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "cisaActionDue": "2024-02-07",
        "cisaExploitAdd": "2024-01-17",
        "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
        "cisaVulnerabilityName": "Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability",
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*",
                    "matchCriteriaId": "E5672003-8E6B-4316-B5C9-FE436080ADD1",
                    "versionEndExcluding": "12.1-55.302",
                    "versionStartIncluding": "12.1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*",
                    "matchCriteriaId": "D1A11ABD-4F45-4BA9-B30B-F1D8A612CC15",
                    "versionEndExcluding": "12.1-55.302",
                    "versionStartIncluding": "12.1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
                    "matchCriteriaId": "FC0A5AAC-62DD-416A-A801-A7A95D5EF73C",
                    "versionEndExcluding": "13.0-92.21",
                    "versionStartIncluding": "13.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*",
                    "matchCriteriaId": "8C8A6B95-8338-4EE7-A6EC-7D84AEDC4AF3",
                    "versionEndExcluding": "13.1-37.176",
                    "versionStartIncluding": "13.1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
                    "matchCriteriaId": "3CF77D9D-FC89-493D-B97D-F9699D182F54",
                    "versionEndExcluding": "13.1-51.15",
                    "versionStartIncluding": "13.1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
                    "matchCriteriaId": "62CD82CF-9013-4E54-B175-19B804A351AA",
                    "versionEndExcluding": "14.1-12.35",
                    "versionStartIncluding": "14.1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "68E1F810-ABCD-40A7-A8C1-4E8727799C7C",
                    "versionEndExcluding": "13.0-92.21",
                    "versionStartIncluding": "13.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E870C309-D5CD-4181-9DEB-4833DE2EAEB7",
                    "versionEndExcluding": "13.1-51.15",
                    "versionStartIncluding": "13.1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "2836707F-A36F-479E-BFDC-CF55AEFC37EE",
                    "versionEndExcluding": "14.1-12.35",
                    "versionStartIncluding": "14.1",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service \n"
          },
          {
            "lang": "es",
            "value": "La restricci\u00f3n inadecuada de las operaciones dentro de los l\u00edmites de un b\u00fafer de memoria en NetScaler ADC y NetScaler Gateway permite una denegaci\u00f3n de servicio no autenticada"
          }
        ],
        "id": "CVE-2023-6549",
        "lastModified": "2024-01-24T20:48:33.600",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 4.2,
              "source": "secure@citrix.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-01-17T21:15:11.690",
        "references": [
          {
            "source": "secure@citrix.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549"
          }
        ],
        "sourceIdentifier": "secure@citrix.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-119"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-119"
              }
            ],
            "source": "secure@citrix.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

WID-SEC-W-2024-0133

Vulnerability from csaf_certbund

Published

2024-01-16 23:00

Modified

2024-01-16 23:00

Summary

Citrix Systems Produkte: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Citrix Application Delivery Controller (ADC) ist eine Lösung zur Anwendungsbereitstellung und Lastverteilung. Citrix Gateway ist eine vom Kunden verwaltete Lösung, die vor Ort oder in jeder öffentlichen Cloud, wie z.B. AWS, Azure oder Google Cloud Platform, eingesetzt werden kann. Citrix Gateway bietet Anwendern sicheren Zugriff und Single Sign-On für alle virtuellen, SaaS- und Web-Anwendungen.

Angriff

Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Citrix Systems ADC und Citrix Systems Citrix Gateway ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service zu verursachen.

Betroffene Betriebssysteme

- Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Citrix Application Delivery Controller (ADC) ist eine L\u00f6sung zur Anwendungsbereitstellung und Lastverteilung.\r\nCitrix Gateway ist eine vom Kunden verwaltete L\u00f6sung, die vor Ort oder in jeder \u00f6ffentlichen Cloud, wie z.B. AWS, Azure oder Google Cloud Platform, eingesetzt werden kann.  Citrix Gateway bietet Anwendern sicheren Zugriff und Single Sign-On f\u00fcr alle virtuellen, SaaS- und Web-Anwendungen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Citrix Systems ADC und Citrix Systems Citrix Gateway ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0133 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0133.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0133 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0133"
      },
      {
        "category": "external",
        "summary": "Citrix Security Bulletin vom 2024-01-16",
        "url": "https://support.citrix.com/article/CTX584986"
      }
    ],
    "source_lang": "en-US",
    "title": "Citrix Systems Produkte: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-01-16T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:03:53.564+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-0133",
      "initial_release_date": "2024-01-16T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-01-16T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Citrix Systems ADC \u003c 14.1-12.35",
                "product": {
                  "name": "Citrix Systems ADC \u003c 14.1-12.35",
                  "product_id": "T032190",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:citrix:application_delivery_controller_firmware:14.1-12.35"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Citrix Systems ADC \u003c 13.1-51.15",
                "product": {
                  "name": "Citrix Systems ADC \u003c 13.1-51.15",
                  "product_id": "T032192",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:citrix:application_delivery_controller_firmware:13.1-51.15"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Citrix Systems ADC \u003c 13.0-92.21",
                "product": {
                  "name": "Citrix Systems ADC \u003c 13.0-92.21",
                  "product_id": "T032194",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:citrix:application_delivery_controller_firmware:13.0-92.21"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Citrix Systems ADC FIPS \u003c 13.1-37.176",
                "product": {
                  "name": "Citrix Systems ADC FIPS \u003c 13.1-37.176",
                  "product_id": "T032197",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:citrix:application_delivery_controller_firmware:fips__13.1-37.176"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Citrix Systems ADC FIPS \u003c 12.1-55.302",
                "product": {
                  "name": "Citrix Systems ADC FIPS \u003c 12.1-55.302",
                  "product_id": "T032198",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:citrix:application_delivery_controller_firmware:fips__12.1-55.302"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Citrix Systems ADC NDcPP \u003c 12.1-55.302",
                "product": {
                  "name": "Citrix Systems ADC NDcPP \u003c 12.1-55.302",
                  "product_id": "T032199",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:citrix:application_delivery_controller_firmware:ndcpp__12.1-55.302"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "ADC"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Citrix Systems Citrix Gateway \u003c 14.1-12.35",
                "product": {
                  "name": "Citrix Systems Citrix Gateway \u003c 14.1-12.35",
                  "product_id": "T032191",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:citrix:gateway:14.1-12.35"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Citrix Systems Citrix Gateway \u003c 13.1-51.15",
                "product": {
                  "name": "Citrix Systems Citrix Gateway \u003c 13.1-51.15",
                  "product_id": "T032193",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:citrix:gateway:13.1-51.15"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Citrix Systems Citrix Gateway \u003c 13.0-92.21",
                "product": {
                  "name": "Citrix Systems Citrix Gateway \u003c 13.0-92.21",
                  "product_id": "T032195",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:citrix:gateway:13.0-92.21"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Citrix Gateway"
          }
        ],
        "category": "vendor",
        "name": "Citrix Systems"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-6548",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Citrix Systems ADC und Citrix Systems Citrix Gateway. Diese besteht in der Verwaltungsschnittstelle, ist jedoch nicht genauer beschrieben. Ein authentisierter Angreifer kann die Schwachstelle ausnutzen, um beliebigen Code zur Ausf\u00fchrung zu bringen."
        }
      ],
      "release_date": "2024-01-16T23:00:00.000+00:00",
      "title": "CVE-2023-6548"
    },
    {
      "cve": "CVE-2023-6549",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Citrix Systems ADC und Citrix Systems Citrix Gateway. Diese, nicht n\u00e4her beschriebene Schwachstelle kann nur dann ausgenutzt werden, wenn die Appliance als Gateway konfiguriert ist. Ein entfernter, anonymer Angreifer kann das ausnutzen, um einen Denial of Service zu verursachen."
        }
      ],
      "release_date": "2024-01-16T23:00:00.000+00:00",
      "title": "CVE-2023-6549"
    }
  ]
}

wid-sec-w-2024-0133

Vulnerability from csaf_certbund

Published

2024-01-16 23:00

Modified

2024-01-16 23:00

Summary

Citrix Systems Produkte: Mehrere Schwachstellen

Notes

Produktbeschreibung

Angriff

Betroffene Betriebssysteme

- Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Citrix Application Delivery Controller (ADC) ist eine L\u00f6sung zur Anwendungsbereitstellung und Lastverteilung.\r\nCitrix Gateway ist eine vom Kunden verwaltete L\u00f6sung, die vor Ort oder in jeder \u00f6ffentlichen Cloud, wie z.B. AWS, Azure oder Google Cloud Platform, eingesetzt werden kann.  Citrix Gateway bietet Anwendern sicheren Zugriff und Single Sign-On f\u00fcr alle virtuellen, SaaS- und Web-Anwendungen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Citrix Systems ADC und Citrix Systems Citrix Gateway ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0133 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0133.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0133 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0133"
      },
      {
        "category": "external",
        "summary": "Citrix Security Bulletin vom 2024-01-16",
        "url": "https://support.citrix.com/article/CTX584986"
      }
    ],
    "source_lang": "en-US",
    "title": "Citrix Systems Produkte: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-01-16T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:03:53.564+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-0133",
      "initial_release_date": "2024-01-16T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-01-16T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Citrix Systems ADC \u003c 14.1-12.35",
                "product": {
                  "name": "Citrix Systems ADC \u003c 14.1-12.35",
                  "product_id": "T032190",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:citrix:application_delivery_controller_firmware:14.1-12.35"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Citrix Systems ADC \u003c 13.1-51.15",
                "product": {
                  "name": "Citrix Systems ADC \u003c 13.1-51.15",
                  "product_id": "T032192",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:citrix:application_delivery_controller_firmware:13.1-51.15"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Citrix Systems ADC \u003c 13.0-92.21",
                "product": {
                  "name": "Citrix Systems ADC \u003c 13.0-92.21",
                  "product_id": "T032194",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:citrix:application_delivery_controller_firmware:13.0-92.21"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Citrix Systems ADC FIPS \u003c 13.1-37.176",
                "product": {
                  "name": "Citrix Systems ADC FIPS \u003c 13.1-37.176",
                  "product_id": "T032197",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:citrix:application_delivery_controller_firmware:fips__13.1-37.176"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Citrix Systems ADC FIPS \u003c 12.1-55.302",
                "product": {
                  "name": "Citrix Systems ADC FIPS \u003c 12.1-55.302",
                  "product_id": "T032198",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:citrix:application_delivery_controller_firmware:fips__12.1-55.302"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Citrix Systems ADC NDcPP \u003c 12.1-55.302",
                "product": {
                  "name": "Citrix Systems ADC NDcPP \u003c 12.1-55.302",
                  "product_id": "T032199",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:citrix:application_delivery_controller_firmware:ndcpp__12.1-55.302"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "ADC"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Citrix Systems Citrix Gateway \u003c 14.1-12.35",
                "product": {
                  "name": "Citrix Systems Citrix Gateway \u003c 14.1-12.35",
                  "product_id": "T032191",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:citrix:gateway:14.1-12.35"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Citrix Systems Citrix Gateway \u003c 13.1-51.15",
                "product": {
                  "name": "Citrix Systems Citrix Gateway \u003c 13.1-51.15",
                  "product_id": "T032193",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:citrix:gateway:13.1-51.15"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Citrix Systems Citrix Gateway \u003c 13.0-92.21",
                "product": {
                  "name": "Citrix Systems Citrix Gateway \u003c 13.0-92.21",
                  "product_id": "T032195",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:citrix:gateway:13.0-92.21"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Citrix Gateway"
          }
        ],
        "category": "vendor",
        "name": "Citrix Systems"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-6548",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Citrix Systems ADC und Citrix Systems Citrix Gateway. Diese besteht in der Verwaltungsschnittstelle, ist jedoch nicht genauer beschrieben. Ein authentisierter Angreifer kann die Schwachstelle ausnutzen, um beliebigen Code zur Ausf\u00fchrung zu bringen."
        }
      ],
      "release_date": "2024-01-16T23:00:00.000+00:00",
      "title": "CVE-2023-6548"
    },
    {
      "cve": "CVE-2023-6549",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Citrix Systems ADC und Citrix Systems Citrix Gateway. Diese, nicht n\u00e4her beschriebene Schwachstelle kann nur dann ausgenutzt werden, wenn die Appliance als Gateway konfiguriert ist. Ein entfernter, anonymer Angreifer kann das ausnutzen, um einen Denial of Service zu verursachen."
        }
      ],
      "release_date": "2024-01-16T23:00:00.000+00:00",
      "title": "CVE-2023-6549"
    }
  ]
}

ghsa-8fxh-p33g-qf5m

Vulnerability from github

Published

2024-01-17 21:30

Modified

2025-10-22 00:32

Severity ?

8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Details

Denial of Service

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-6549"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-17T21:15:11Z",
    "severity": "HIGH"
  },
  "details": "Denial of Service",
  "id": "GHSA-8fxh-p33g-qf5m",
  "modified": "2025-10-22T00:32:58Z",
  "published": "2024-01-17T21:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6549"
    },
    {
      "type": "WEB",
      "url": "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-6549"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
      "type": "CVSS_V3"
    }
  ]
}

fkie_cve-2023-6549

Vulnerability from fkie_nvd

Published

2024-01-17 21:15

Modified

2025-10-24 13:42

Severity ?

8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read

References

URL	Tags
secure@citrix.com	https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549	Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-6549	US Government Resource

Impacted products

Vendor	Product	Version
citrix	netscaler_application_delivery_controller	*
citrix	netscaler_application_delivery_controller	*
citrix	netscaler_application_delivery_controller	*
citrix	netscaler_application_delivery_controller	*
citrix	netscaler_application_delivery_controller	*
citrix	netscaler_application_delivery_controller	*
citrix	netscaler_gateway	*
citrix	netscaler_gateway	*
citrix	netscaler_gateway	*

JSON

To clipboard

{
  "cisaActionDue": "2024-02-07",
  "cisaExploitAdd": "2024-01-17",
  "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*",
              "matchCriteriaId": "E5672003-8E6B-4316-B5C9-FE436080ADD1",
              "versionEndExcluding": "12.1-55.302",
              "versionStartIncluding": "12.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*",
              "matchCriteriaId": "D1A11ABD-4F45-4BA9-B30B-F1D8A612CC15",
              "versionEndExcluding": "12.1-55.302",
              "versionStartIncluding": "12.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "FC0A5AAC-62DD-416A-A801-A7A95D5EF73C",
              "versionEndExcluding": "13.0-92.21",
              "versionStartIncluding": "13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*",
              "matchCriteriaId": "8C8A6B95-8338-4EE7-A6EC-7D84AEDC4AF3",
              "versionEndExcluding": "13.1-37.176",
              "versionStartIncluding": "13.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "3CF77D9D-FC89-493D-B97D-F9699D182F54",
              "versionEndExcluding": "13.1-51.15",
              "versionStartIncluding": "13.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "62CD82CF-9013-4E54-B175-19B804A351AA",
              "versionEndExcluding": "14.1-12.35",
              "versionStartIncluding": "14.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "68E1F810-ABCD-40A7-A8C1-4E8727799C7C",
              "versionEndExcluding": "13.0-92.21",
              "versionStartIncluding": "13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E870C309-D5CD-4181-9DEB-4833DE2EAEB7",
              "versionEndExcluding": "13.1-51.15",
              "versionStartIncluding": "13.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2836707F-A36F-479E-BFDC-CF55AEFC37EE",
              "versionEndExcluding": "14.1-12.35",
              "versionStartIncluding": "14.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and\u00a0Out-Of-Bounds Memory Read\n"
    },
    {
      "lang": "es",
      "value": "La restricci\u00f3n inadecuada de las operaciones dentro de los l\u00edmites de un b\u00fafer de memoria en NetScaler ADC y NetScaler Gateway permite una denegaci\u00f3n de servicio no autenticada"
    }
  ],
  "id": "CVE-2023-6549",
  "lastModified": "2025-10-24T13:42:40.103",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.2,
        "source": "secure@citrix.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-01-17T21:15:11.690",
  "references": [
    {
      "source": "secure@citrix.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-6549"
    }
  ],
  "sourceIdentifier": "secure@citrix.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "secure@citrix.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cnvd-2024-17821

Vulnerability from cnvd

Title

Citrix NetScaler ADC和Gateway拒绝服务漏洞

Description

NetScaler Gateway是一款具有SSL VPN解决方案的访问网关，可为网络资产的远程最终用户提供单点登录和身份验证。NetScaler ADC是一种应用程序交付控制器。两者均为Citrix旗下的产品。 Citrix NetScaler ADC和Gateway存在拒绝服务漏洞，漏洞源于未将内存操作限制在边界范围内，攻击者可利用该漏洞发起拒绝服务漏洞。

Severity

高

Patch Name

Citrix NetScaler ADC和Gateway拒绝服务漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549

Reference

https://nvd.nist.gov/vuln/detail/CVE-2023-6549

Impacted products

Name
['Citrix Systems, Inc. NetScaler Gateway >=13.0，<13.0-92.21', 'Citrix Systems, Inc. NetScaler Gateway >=13.1，<13.1-51.15', 'Citrix Systems, Inc. NetScaler Gateway >=14.1，<14.1-12.35', 'Citrix Systems, Inc. NetScaler Application Delivery Controller >=12.1，<12.1-55.302', 'Citrix Systems, Inc. NetScaler Application Delivery Controller >=13.1，<13.1-37.176', 'Citrix Systems, Inc. NetScaler Application Delivery Controller >=13.0，<13.0-92.21', 'Citrix Systems, Inc. NetScaler Application Delivery Controller >=13.1，<13.1-51.15', 'Citrix Systems, Inc. NetScaler Application Delivery Controller >=14.1，<14.1-12.35']

Name

['Citrix Systems, Inc. NetScaler Gateway >=13.0，<13.0-92.21', 'Citrix Systems, Inc. NetScaler Gateway >=13.1，<13.1-51.15', 'Citrix Systems, Inc. NetScaler Gateway >=14.1，<14.1-12.35', 'Citrix Systems, Inc. NetScaler Application Delivery Controller >=12.1，<12.1-55.302', 'Citrix Systems, Inc. NetScaler Application Delivery Controller >=13.1，<13.1-37.176', 'Citrix Systems, Inc. NetScaler Application Delivery Controller >=13.0，<13.0-92.21', 'Citrix Systems, Inc. NetScaler Application Delivery Controller >=13.1，<13.1-51.15', 'Citrix Systems, Inc. NetScaler Application Delivery Controller >=14.1，<14.1-12.35']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-6549",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-6549"
    }
  },
  "description": "NetScaler Gateway\u662f\u4e00\u6b3e\u5177\u6709SSL VPN\u89e3\u51b3\u65b9\u6848\u7684\u8bbf\u95ee\u7f51\u5173\uff0c\u53ef\u4e3a\u7f51\u7edc\u8d44\u4ea7\u7684\u8fdc\u7a0b\u6700\u7ec8\u7528\u6237\u63d0\u4f9b\u5355\u70b9\u767b\u5f55\u548c\u8eab\u4efd\u9a8c\u8bc1\u3002NetScaler ADC\u662f\u4e00\u79cd\u5e94\u7528\u7a0b\u5e8f\u4ea4\u4ed8\u63a7\u5236\u5668\u3002\u4e24\u8005\u5747\u4e3aCitrix\u65d7\u4e0b\u7684\u4ea7\u54c1\u3002\n\nCitrix NetScaler ADC\u548cGateway\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u6f0f\u6d1e\u6e90\u4e8e\u672a\u5c06\u5185\u5b58\u64cd\u4f5c\u9650\u5236\u5728\u8fb9\u754c\u8303\u56f4\u5185\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u53d1\u8d77\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-17821",
  "openTime": "2024-04-12",
  "patchDescription": "NetScaler Gateway\u662f\u4e00\u6b3e\u5177\u6709SSL VPN\u89e3\u51b3\u65b9\u6848\u7684\u8bbf\u95ee\u7f51\u5173\uff0c\u53ef\u4e3a\u7f51\u7edc\u8d44\u4ea7\u7684\u8fdc\u7a0b\u6700\u7ec8\u7528\u6237\u63d0\u4f9b\u5355\u70b9\u767b\u5f55\u548c\u8eab\u4efd\u9a8c\u8bc1\u3002NetScaler ADC\u662f\u4e00\u79cd\u5e94\u7528\u7a0b\u5e8f\u4ea4\u4ed8\u63a7\u5236\u5668\u3002\u4e24\u8005\u5747\u4e3aCitrix\u65d7\u4e0b\u7684\u4ea7\u54c1\u3002\r\n\r\nCitrix NetScaler ADC\u548cGateway\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u6f0f\u6d1e\u6e90\u4e8e\u672a\u5c06\u5185\u5b58\u64cd\u4f5c\u9650\u5236\u5728\u8fb9\u754c\u8303\u56f4\u5185\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u53d1\u8d77\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Citrix NetScaler ADC\u548cGateway\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Citrix Systems, Inc. NetScaler Gateway \u003e=13.0\uff0c\u003c13.0-92.21",
      "Citrix Systems, Inc. NetScaler Gateway \u003e=13.1\uff0c\u003c13.1-51.15",
      "Citrix Systems, Inc. NetScaler Gateway \u003e=14.1\uff0c\u003c14.1-12.35",
      "Citrix Systems, Inc. NetScaler Application Delivery Controller \u003e=12.1\uff0c\u003c12.1-55.302",
      "Citrix Systems, Inc. NetScaler Application Delivery Controller \u003e=13.1\uff0c\u003c13.1-37.176",
      "Citrix Systems, Inc. NetScaler Application Delivery Controller \u003e=13.0\uff0c\u003c13.0-92.21",
      "Citrix Systems, Inc. NetScaler Application Delivery Controller \u003e=13.1\uff0c\u003c13.1-51.15",
      "Citrix Systems, Inc. NetScaler Application Delivery Controller \u003e=14.1\uff0c\u003c14.1-12.35"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2023-6549",
  "serverity": "\u9ad8",
  "submitTime": "2024-01-19",
  "title": "Citrix NetScaler ADC\u548cGateway\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

var-202401-1629

Vulnerability from variot

Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read . of Citrix Systems netscaler application delivery controller and netscaler gateway Exists in a buffer error vulnerability.Service operation interruption (DoS) It may be in a state. NetScaler Gateway is an access gateway with an SSL VPN solution that provides single sign-on and authentication for remote end users of network assets. NetScaler ADC is an application delivery controller. Both are products of Citrix.

Citrix NetScaler ADC and Gateway have a denial of service vulnerability. The vulnerability is due to not restricting memory operations within the boundary range. Attackers can exploit this vulnerability to launch a denial of service vulnerability

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202401-1629",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "netscaler gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "13.1-51.15"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "12.1-55.302"
      },
      {
        "model": "netscaler gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "14.1-12.35"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "14.1-12.35"
      },
      {
        "model": "netscaler gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "14.1"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "14.1"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "13.0-92.21"
      },
      {
        "model": "netscaler gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "13.0"
      },
      {
        "model": "netscaler gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "13.1"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "12.1"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "13.0"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "13.1-51.15"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "13.1"
      },
      {
        "model": "netscaler gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "13.0-92.21"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "13.1-37.176"
      },
      {
        "model": "netscaler gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30c8\u30ea\u30c3\u30af\u30b9 \u30b7\u30b9\u30c6\u30e0\u30ba",
        "version": null
      },
      {
        "model": "netscaler application delivery controller",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30c8\u30ea\u30c3\u30af\u30b9 \u30b7\u30b9\u30c6\u30e0\u30ba",
        "version": null
      },
      {
        "model": "netscaler gateway",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "citrix",
        "version": "13.0,\u003c13.0-92.21"
      },
      {
        "model": "netscaler gateway",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "citrix",
        "version": "13.1,\u003c13.1-51.15"
      },
      {
        "model": "netscaler gateway",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "citrix",
        "version": "14.1,\u003c14.1-12.35"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "citrix",
        "version": "12.1,\u003c12.1-55.302"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "citrix",
        "version": "13.1,\u003c13.1-37.176"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "citrix",
        "version": "13.0,\u003c13.0-92.21"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "citrix",
        "version": "13.1,\u003c13.1-51.15"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "citrix",
        "version": "14.1,\u003c14.1-12.35"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-17821"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-025480"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-6549"
      }
    ]
  },
  "cve": "CVE-2023-6549",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2024-17821",
            "impactScore": 7.8,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2023-6549",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "secure@citrix.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2023-6549",
            "impactScore": 4.2,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2023-6549",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-6549",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "secure@citrix.com",
            "id": "CVE-2023-6549",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-6549",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2024-17821",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-17821"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-025480"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-6549"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-6549"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and\u00a0Out-Of-Bounds Memory Read\n. of Citrix Systems netscaler application delivery controller and netscaler gateway Exists in a buffer error vulnerability.Service operation interruption (DoS) It may be in a state. NetScaler Gateway is an access gateway with an SSL VPN solution that provides single sign-on and authentication for remote end users of network assets. NetScaler ADC is an application delivery controller. Both are products of Citrix. \n\nCitrix NetScaler ADC and Gateway have a denial of service vulnerability. The vulnerability is due to not restricting memory operations within the boundary range. Attackers can exploit this vulnerability to launch a denial of service vulnerability",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-6549"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-025480"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-17821"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-6549",
        "trust": 3.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-025480",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-17821",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-17821"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-025480"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-6549"
      }
    ]
  },
  "id": "VAR-202401-1629",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-17821"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-17821"
      }
    ]
  },
  "last_update_date": "2024-08-14T15:10:22.289000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for Citrix NetScaler ADC and Gateway Denial of Service Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/541106"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-17821"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.0
      },
      {
        "problemtype": "Buffer error (CWE-119) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-025480"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-6549"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://support.citrix.com/article/ctx584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-6549"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-17821"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-025480"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-6549"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-17821"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-025480"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-6549"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-04-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-17821"
      },
      {
        "date": "2024-02-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-025480"
      },
      {
        "date": "2024-01-17T21:15:11.690000",
        "db": "NVD",
        "id": "CVE-2023-6549"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-04-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-17821"
      },
      {
        "date": "2024-02-05T06:37:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-025480"
      },
      {
        "date": "2024-06-10T16:27:52.507000",
        "db": "NVD",
        "id": "CVE-2023-6549"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "of Citrix Systems \u00a0netscaler\u00a0application\u00a0delivery\u00a0controller\u00a0 and \u00a0netscaler\u00a0gateway\u00a0 Buffer error vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-025480"
      }
    ],
    "trust": 0.8
  }
}

CERTFR-2024-AVI-0039

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Citrix. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Citrix StoreFront versions 2308.x antérieures à 2308.1
Citrix StoreFront versions antérieures à 2311
Citrix StoreFront versions 1912 LSTR antérieures à 1912 LTSR CU8 hotfix 3.22.8001.2
Citrix StoreFront versions 2203 LSTR antérieures à 2203 LTSR CU4 Update 1
Citrix Virtual Apps and Desktops versions antérieures à 2311
Citrix Virtual Apps and Desktops versions 1912 LTSR antérieures à 1912 LTSR CU8 hotfix 19.12.8100.4
Citrix Virtual Apps and Desktops versions 2203 LSTR antérieures à 2203 LTSR CU4
NetScaler ADC et NetScaler Gateway versions 14.1.x versions antérieures à 14.1-12.35
NetScaler ADC et NetScaler Gateway versions 13.1.x versions antérieures à 13.1-51.15
NetScaler ADC et NetScaler Gateway versions 13.0.x versions antérieures à 13.0-92.21
NetScaler ADC versions 13.1.x-FIPS versions antérieures à 13.1-37.176
NetScaler ADC versions 12.1.x-FIPS versions antérieures à 12.1-55.302
NetScaler ADC versions 12.1.x-NDcPP versions antérieures à 12.1-55.302

L’éditeur précise que les produits NetScaler ADC and NetScaler Gateway en versions 12.1 sont en fin de vie (EOL) et ne bénéficient plus de mises à jour de sécurité.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2023-6549 (GCVE-0-2023-6549)

Vulnerability from cvelistv5

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Vulnerability from gsd

Vulnerability from csaf_certbund

Vulnerability from csaf_certbund

Vulnerability from github

Vulnerability from fkie_nvd

Vulnerability from cnvd

Vulnerability from variot

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature