cnvd - cnvd-2024-17820

cnvd-2024-17820

Vulnerability from cnvd

Title: Citrix NetScaler ADC和NetScaler Gateway存在代码注入漏洞

Description:

NetScaler ADC是一种应用程序交付控制器。NetScaler Gateway是一款具有SSL VPN解决方案的访问网关，可为网络资产的远程最终用户提供单点登录和身份验证。两者均为Citrix旗下的产品。

Citrix NetScaler ADC和NetScaler Gateway存在代码注入漏洞，漏洞源于NetScaler ADC and NetScaler Gateway中的代码生成控制不当。具有管理界面的NSIP、CLIP或SNIP访问权限的攻击者，可利用漏洞在管理界面上执行经过身份验证（低权限）的远程代码执行。

Severity: 高

Patch Name: Citrix NetScaler ADC和NetScaler Gateway存在代码注入漏洞的补丁

Patch Description:

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.citrix.com/downloads/

Reference: https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549https://cxsecurity.com/cveshow/CVE-2023-6548/https://nvd.nist.gov/vuln/detail/CVE-2023-6548

Impacted products

Name
['Citrix Systems, Inc. NetScaler Gateway >=13.0，<13.0-92.21', 'Citrix Systems, Inc. NetScaler Gateway >=13.1，<13.1-51.15', 'Citrix Systems, Inc. NetScaler Gateway >=14.1，<14.1-12.35', 'Citrix Systems, Inc. NetScaler Application Delivery Controller >=12.1，<12.1-55.302', 'Citrix Systems, Inc. NetScaler Application Delivery Controller >=13.1，<13.1-37.176', 'Citrix Systems, Inc. NetScaler Application Delivery Controller >=13.0，<13.0-92.21', 'Citrix Systems, Inc. NetScaler Application Delivery Controller >=13.1，<13.1-51.15', 'Citrix Systems, Inc. NetScaler Application Delivery Controller >=14.1，<14.1-12.35']

Name

['Citrix Systems, Inc. NetScaler Gateway >=13.0，<13.0-92.21', 'Citrix Systems, Inc. NetScaler Gateway >=13.1，<13.1-51.15', 'Citrix Systems, Inc. NetScaler Gateway >=14.1，<14.1-12.35', 'Citrix Systems, Inc. NetScaler Application Delivery Controller >=12.1，<12.1-55.302', 'Citrix Systems, Inc. NetScaler Application Delivery Controller >=13.1，<13.1-37.176', 'Citrix Systems, Inc. NetScaler Application Delivery Controller >=13.0，<13.0-92.21', 'Citrix Systems, Inc. NetScaler Application Delivery Controller >=13.1，<13.1-51.15', 'Citrix Systems, Inc. NetScaler Application Delivery Controller >=14.1，<14.1-12.35']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-6548",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-6548"
    }
  },
  "description": "NetScaler ADC\u662f\u4e00\u79cd\u5e94\u7528\u7a0b\u5e8f\u4ea4\u4ed8\u63a7\u5236\u5668\u3002NetScaler Gateway\u662f\u4e00\u6b3e\u5177\u6709SSL VPN\u89e3\u51b3\u65b9\u6848\u7684\u8bbf\u95ee\u7f51\u5173\uff0c\u53ef\u4e3a\u7f51\u7edc\u8d44\u4ea7\u7684\u8fdc\u7a0b\u6700\u7ec8\u7528\u6237\u63d0\u4f9b\u5355\u70b9\u767b\u5f55\u548c\u8eab\u4efd\u9a8c\u8bc1\u3002\u4e24\u8005\u5747\u4e3aCitrix\u65d7\u4e0b\u7684\u4ea7\u54c1\u3002\n\nCitrix NetScaler ADC\u548cNetScaler Gateway\u5b58\u5728\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e\uff0c\u6f0f\u6d1e\u6e90\u4e8eNetScaler ADC and NetScaler Gateway\u4e2d\u7684\u4ee3\u7801\u751f\u6210\u63a7\u5236\u4e0d\u5f53\u3002\u5177\u6709\u7ba1\u7406\u754c\u9762\u7684NSIP\u3001CLIP\u6216SNIP\u8bbf\u95ee\u6743\u9650\u7684\u653b\u51fb\u8005\uff0c\u53ef\u5229\u7528\u6f0f\u6d1e\u5728\u7ba1\u7406\u754c\u9762\u4e0a\u6267\u884c\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\uff08\u4f4e\u6743\u9650\uff09\u7684\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.citrix.com/downloads/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-17820",
  "openTime": "2024-04-12",
  "patchDescription": "NetScaler ADC\u662f\u4e00\u79cd\u5e94\u7528\u7a0b\u5e8f\u4ea4\u4ed8\u63a7\u5236\u5668\u3002NetScaler Gateway\u662f\u4e00\u6b3e\u5177\u6709SSL VPN\u89e3\u51b3\u65b9\u6848\u7684\u8bbf\u95ee\u7f51\u5173\uff0c\u53ef\u4e3a\u7f51\u7edc\u8d44\u4ea7\u7684\u8fdc\u7a0b\u6700\u7ec8\u7528\u6237\u63d0\u4f9b\u5355\u70b9\u767b\u5f55\u548c\u8eab\u4efd\u9a8c\u8bc1\u3002\u4e24\u8005\u5747\u4e3aCitrix\u65d7\u4e0b\u7684\u4ea7\u54c1\u3002\r\n\r\nCitrix NetScaler ADC\u548cNetScaler Gateway\u5b58\u5728\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e\uff0c\u6f0f\u6d1e\u6e90\u4e8eNetScaler ADC and NetScaler Gateway\u4e2d\u7684\u4ee3\u7801\u751f\u6210\u63a7\u5236\u4e0d\u5f53\u3002\u5177\u6709\u7ba1\u7406\u754c\u9762\u7684NSIP\u3001CLIP\u6216SNIP\u8bbf\u95ee\u6743\u9650\u7684\u653b\u51fb\u8005\uff0c\u53ef\u5229\u7528\u6f0f\u6d1e\u5728\u7ba1\u7406\u754c\u9762\u4e0a\u6267\u884c\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\uff08\u4f4e\u6743\u9650\uff09\u7684\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Citrix NetScaler ADC\u548cNetScaler Gateway\u5b58\u5728\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Citrix Systems, Inc. NetScaler Gateway \u003e=13.0\uff0c\u003c13.0-92.21",
      "Citrix Systems, Inc. NetScaler Gateway \u003e=13.1\uff0c\u003c13.1-51.15",
      "Citrix Systems, Inc. NetScaler Gateway \u003e=14.1\uff0c\u003c14.1-12.35",
      "Citrix Systems, Inc. NetScaler Application Delivery Controller \u003e=12.1\uff0c\u003c12.1-55.302",
      "Citrix Systems, Inc. NetScaler Application Delivery Controller \u003e=13.1\uff0c\u003c13.1-37.176",
      "Citrix Systems, Inc. NetScaler Application Delivery Controller \u003e=13.0\uff0c\u003c13.0-92.21",
      "Citrix Systems, Inc. NetScaler Application Delivery Controller \u003e=13.1\uff0c\u003c13.1-51.15",
      "Citrix Systems, Inc. NetScaler Application Delivery Controller \u003e=14.1\uff0c\u003c14.1-12.35"
    ]
  },
  "referenceLink": "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549https://cxsecurity.com/cveshow/CVE-2023-6548/https://nvd.nist.gov/vuln/detail/CVE-2023-6548",
  "serverity": "\u9ad8",
  "submitTime": "2024-02-22",
  "title": "Citrix NetScaler ADC\u548cNetScaler Gateway\u5b58\u5728\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2023-6548 (GCVE-0-2023-6548)

Vulnerability from cvelistv5

Published

2024-01-17 20:11

Modified

2025-07-30 01:37

Severity ?

5.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Summary

Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.

References

▼	URL	Tags
	https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549

Impacted products

Vendor

Product

Version

▼

Cloud Software Group

NetScaler ADC 

Version: 14.1
Version: 13.1
Version: 13.0
Version: 13.1-FIPS
Version: 12.1-FIPS
Version: 12.1-NDcPP

Cloud Software Group

NetScaler Gateway

Version: 14.1
Version: 13.1
Version: 13.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:citrix:netscaler_application_delivery_controller:14.1:*:*:*:-:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "netscaler_application_delivery_controller",
            "vendor": "citrix",
            "versions": [
              {
                "lessThan": "14.1-12.35",
                "status": "affected",
                "version": "14.1",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1:*:*:*:-:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "netscaler_application_delivery_controller",
            "vendor": "citrix",
            "versions": [
              {
                "lessThan": "13.1-51.15",
                "status": "affected",
                "version": "13.1",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.0:*:*:*:-:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "netscaler_application_delivery_controller",
            "vendor": "citrix",
            "versions": [
              {
                "lessThan": "13.0-92.21",
                "status": "affected",
                "version": "13.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1:*:*:*:fips:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "netscaler_application_delivery_controller",
            "vendor": "citrix",
            "versions": [
              {
                "lessThan": "13.1-37.176",
                "status": "affected",
                "version": "13.1",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.1:*:*:*:fips:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "netscaler_application_delivery_controller",
            "vendor": "citrix",
            "versions": [
              {
                "lessThan": "12.1-55.302",
                "status": "affected",
                "version": "12.1",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.1:*:*:*:ndcpp:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "netscaler_application_delivery_controller",
            "vendor": "citrix",
            "versions": [
              {
                "lessThan": "12.1-55.302",
                "status": "affected",
                "version": "12.1",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:citrix:netscaler_gateway:14.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "netscaler_gateway",
            "vendor": "citrix",
            "versions": [
              {
                "lessThan": "14.1-12.35",
                "status": "affected",
                "version": "14.1",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:citrix:netscaler_gateway:13.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "netscaler_gateway",
            "vendor": "citrix",
            "versions": [
              {
                "lessThan": "13.1-51.15",
                "status": "affected",
                "version": "13.1",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:citrix:netscaler_gateway:13.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "netscaler_gateway",
            "vendor": "citrix",
            "versions": [
              {
                "lessThan": "13.0-92.21",
                "status": "affected",
                "version": "13.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-6548",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-18T14:00:57.375485Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-01-17",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-6548"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-30T01:37:08.884Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2024-01-17T00:00:00+00:00",
            "value": "CVE-2023-6548 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:35:14.029Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "NetScaler ADC\u202f",
          "vendor": "Cloud Software Group",
          "versions": [
            {
              "lessThan": "12.35",
              "status": "affected",
              "version": "14.1",
              "versionType": "patch"
            },
            {
              "lessThan": "51.15",
              "status": "affected",
              "version": "13.1",
              "versionType": "patch"
            },
            {
              "lessThan": "92.21",
              "status": "affected",
              "version": "13.0 ",
              "versionType": "patch"
            },
            {
              "lessThan": "37.176",
              "status": "affected",
              "version": " 13.1-FIPS",
              "versionType": "patch"
            },
            {
              "lessThan": "55.302",
              "status": "affected",
              "version": "12.1-FIPS",
              "versionType": "patch"
            },
            {
              "lessThan": "55.302",
              "status": "affected",
              "version": "12.1-NDcPP",
              "versionType": "patch"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "NetScaler Gateway",
          "vendor": "Cloud Software Group",
          "versions": [
            {
              "lessThan": "12.35",
              "status": "affected",
              "version": "14.1",
              "versionType": "patch"
            },
            {
              "lessThan": "51.15",
              "status": "affected",
              "version": "13.1",
              "versionType": "patch"
            },
            {
              "lessThan": "92.21",
              "status": "affected",
              "version": "13.0",
              "versionType": "patch"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper Control of Generation of Code (\u0027Code Injection\u0027) in NetScaler ADC and NetScaler Gateway\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eallows an attacker with\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;access\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;to NSIP, CLIP or SNIP with management interface to perform\u003c/span\u003e\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAuthenticated (low privileged) remote code execution on Management Interface.\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e"
            }
          ],
          "value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) in NetScaler ADC and NetScaler Gateway\u00a0allows an attacker with\u00a0access\u00a0to NSIP, CLIP or SNIP with management interface to perform\u00a0Authenticated (low privileged) remote code execution on Management Interface."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-18T01:12:54.917Z",
        "orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
        "shortName": "Citrix"
      },
      "references": [
        {
          "url": "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
    "assignerShortName": "Citrix",
    "cveId": "CVE-2023-6548",
    "datePublished": "2024-01-17T20:11:18.462Z",
    "dateReserved": "2023-12-06T11:01:54.643Z",
    "dateUpdated": "2025-07-30T01:37:08.884Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted