{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6548", "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "state": "PUBLISHED", "assignerShortName": "Citrix", "dateReserved": "2023-12-06T11:01:54.643Z", "datePublished": "2024-01-17T20:11:18.462Z", "dateUpdated": "2025-10-21T23:05:28.157Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "NetScaler ADC\u202f", "vendor": "Cloud Software Group", "versions": [{"lessThan": "12.35", "status": "affected", "version": "14.1", "versionType": "patch"}, {"lessThan": "51.15", "status": "affected", "version": "13.1", "versionType": "patch"}, {"lessThan": "92.21", "status": "affected", "version": "13.0 ", "versionType": "patch"}, {"lessThan": "37.176", "status": "affected", "version": " 13.1-FIPS", "versionType": "patch"}, {"lessThan": "55.302", "status": "affected", "version": "12.1-FIPS", "versionType": "patch"}, {"lessThan": "55.302", "status": "affected", "version": "12.1-NDcPP", "versionType": "patch"}]}, {"defaultStatus": "unaffected", "product": "NetScaler Gateway", "vendor": "Cloud Software Group", "versions": [{"lessThan": "12.35", "status": "affected", "version": "14.1", "versionType": "patch"}, {"lessThan": "51.15", "status": "affected", "version": "13.1", "versionType": "patch"}, {"lessThan": "92.21", "status": "affected", "version": "13.0", "versionType": "patch"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">allows an attacker with<span style=\"background-color: rgb(255, 255, 255);\">&nbsp;access</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;to NSIP, CLIP or SNIP with management interface to perform</span>&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">Authenticated (low privileged) remote code execution on Management Interface.</span></span></span>"}], "value": "Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway\u00a0allows an attacker with\u00a0access\u00a0to NSIP, CLIP or SNIP with management interface to perform\u00a0Authenticated (low privileged) remote code execution on Management Interface."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "shortName": "Citrix", "dateUpdated": "2024-01-18T01:12:54.917Z"}, "references": [{"url": "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-6548", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-01-18T14:00:57.375485Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2024-01-17", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-6548"}}}], "affected": [{"cpes": ["cpe:2.3:a:citrix:netscaler_application_delivery_controller:14.1:*:*:*:-:*:*:*"], "vendor": "citrix", "product": "netscaler_application_delivery_controller", "versions": [{"status": "affected", "version": "14.1", "lessThan": "14.1-12.35", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1:*:*:*:-:*:*:*"], "vendor": "citrix", "product": "netscaler_application_delivery_controller", "versions": [{"status": "affected", "version": "13.1", "lessThan": "13.1-51.15", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.0:*:*:*:-:*:*:*"], "vendor": "citrix", "product": "netscaler_application_delivery_controller", "versions": [{"status": "affected", "version": "13.0", "lessThan": "13.0-92.21", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1:*:*:*:fips:*:*:*"], "vendor": "citrix", "product": "netscaler_application_delivery_controller", "versions": [{"status": "affected", "version": "13.1", "lessThan": "13.1-37.176", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.1:*:*:*:fips:*:*:*"], "vendor": "citrix", "product": "netscaler_application_delivery_controller", "versions": [{"status": "affected", "version": "12.1", "lessThan": "12.1-55.302", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.1:*:*:*:ndcpp:*:*:*"], "vendor": "citrix", "product": "netscaler_application_delivery_controller", "versions": [{"status": "affected", "version": "12.1", "lessThan": "12.1-55.302", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:citrix:netscaler_gateway:14.1:*:*:*:*:*:*:*"], "vendor": "citrix", "product": "netscaler_gateway", "versions": [{"status": "affected", "version": "14.1", "lessThan": "14.1-12.35", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:citrix:netscaler_gateway:13.1:*:*:*:*:*:*:*"], "vendor": "citrix", "product": "netscaler_gateway", "versions": [{"status": "affected", "version": "13.1", "lessThan": "13.1-51.15", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:citrix:netscaler_gateway:13.0:*:*:*:*:*:*:*"], "vendor": "citrix", "product": "netscaler_gateway", "versions": [{"status": "affected", "version": "13.0", "lessThan": "13.0-92.21", "versionType": "custom"}], "defaultStatus": "unknown"}], "references": [{"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-6548", "tags": ["government-resource"]}], "timeline": [{"time": "2024-01-17T00:00:00+00:00", "lang": "en", "value": "CVE-2023-6548 added to CISA KEV"}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-21T23:05:28.157Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:35:14.029Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:35:14.029Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-6548", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-01-18T14:00:57.375485Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2024-01-17", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-6548"}}}], "affected": [{"cpes": ["cpe:2.3:a:citrix:netscaler_application_delivery_controller:14.1:*:*:*:-:*:*:*"], "vendor": "citrix", "product": "netscaler_application_delivery_controller", "versions": [{"status": "affected", "version": "14.1", "lessThan": "14.1-12.35", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1:*:*:*:-:*:*:*"], "vendor": "citrix", "product": "netscaler_application_delivery_controller", "versions": [{"status": "affected", "version": "13.1", "lessThan": "13.1-51.15", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.0:*:*:*:-:*:*:*"], "vendor": "citrix", "product": "netscaler_application_delivery_controller", "versions": [{"status": "affected", "version": "13.0", "lessThan": "13.0-92.21", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1:*:*:*:fips:*:*:*"], "vendor": "citrix", "product": "netscaler_application_delivery_controller", "versions": [{"status": "affected", "version": "13.1", "lessThan": "13.1-37.176", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.1:*:*:*:fips:*:*:*"], "vendor": "citrix", "product": "netscaler_application_delivery_controller", "versions": [{"status": "affected", "version": "12.1", "lessThan": "12.1-55.302", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.1:*:*:*:ndcpp:*:*:*"], "vendor": "citrix", "product": "netscaler_application_delivery_controller", "versions": [{"status": "affected", "version": "12.1", "lessThan": "12.1-55.302", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:citrix:netscaler_gateway:14.1:*:*:*:*:*:*:*"], "vendor": "citrix", "product": "netscaler_gateway", "versions": [{"status": "affected", "version": "14.1", "lessThan": "14.1-12.35", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:citrix:netscaler_gateway:13.1:*:*:*:*:*:*:*"], "vendor": "citrix", "product": "netscaler_gateway", "versions": [{"status": "affected", "version": "13.1", "lessThan": "13.1-51.15", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:citrix:netscaler_gateway:13.0:*:*:*:*:*:*:*"], "vendor": "citrix", "product": "netscaler_gateway", "versions": [{"status": "affected", "version": "13.0", "lessThan": "13.0-92.21", "versionType": "custom"}], "defaultStatus": "unknown"}], "timeline": [{"lang": "en", "time": "2024-01-17T00:00:00+00:00", "value": "CVE-2023-6548 added to CISA KEV"}], "references": [{"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-6548", "tags": ["government-resource"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-25T17:09:55.566Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Cloud Software Group", "product": "NetScaler ADC\u202f", "versions": [{"status": "affected", "version": "14.1", "lessThan": "12.35", "versionType": "patch"}, {"status": "affected", "version": "13.1", "lessThan": "51.15", "versionType": "patch"}, {"status": "affected", "version": "13.0 ", "lessThan": "92.21", "versionType": "patch"}, {"status": "affected", "version": " 13.1-FIPS", "lessThan": "37.176", "versionType": "patch"}, {"status": "affected", "version": "12.1-FIPS", "lessThan": "55.302", "versionType": "patch"}, {"status": "affected", "version": "12.1-NDcPP", "lessThan": "55.302", "versionType": "patch"}], "defaultStatus": "unaffected"}, {"vendor": "Cloud Software Group", "product": "NetScaler Gateway", "versions": [{"status": "affected", "version": "14.1", "lessThan": "12.35", "versionType": "patch"}, {"status": "affected", "version": "13.1", "lessThan": "51.15", "versionType": "patch"}, {"status": "affected", "version": "13.0", "lessThan": "92.21", "versionType": "patch"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway\u00a0allows an attacker with\u00a0access\u00a0to NSIP, CLIP or SNIP with management interface to perform\u00a0Authenticated (low privileged) remote code execution on Management Interface.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">allows an attacker with<span style=\"background-color: rgb(255, 255, 255);\">&nbsp;access</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;to NSIP, CLIP or SNIP with management interface to perform</span>&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">Authenticated (low privileged) remote code execution on Management Interface.</span></span></span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "shortName": "Citrix", "dateUpdated": "2024-01-18T01:12:54.917Z"}}}, "cveMetadata": {"cveId": "CVE-2023-6548", "state": "PUBLISHED", "dateUpdated": "2025-10-21T23:05:28.157Z", "dateReserved": "2023-12-06T11:01:54.643Z", "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "datePublished": "2024-01-17T20:11:18.462Z", "assignerShortName": "Citrix"}, "dataVersion": "5.1"}

{"cisaActionDue": "2024-01-24", "cisaExploitAdd": "2024-01-17", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*", "matchCriteriaId": "E5672003-8E6B-4316-B5C9-FE436080ADD1", "versionEndExcluding": "12.1-55.302", "versionStartIncluding": "12.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*", "matchCriteriaId": "D1A11ABD-4F45-4BA9-B30B-F1D8A612CC15", "versionEndExcluding": "12.1-55.302", "versionStartIncluding": "12.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", "matchCriteriaId": "FC0A5AAC-62DD-416A-A801-A7A95D5EF73C", "versionEndExcluding": "13.0-92.21", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*", "matchCriteriaId": "8C8A6B95-8338-4EE7-A6EC-7D84AEDC4AF3", "versionEndExcluding": "13.1-37.176", "versionStartIncluding": "13.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", "matchCriteriaId": "3CF77D9D-FC89-493D-B97D-F9699D182F54", "versionEndExcluding": "13.1-51.15", "versionStartIncluding": "13.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", "matchCriteriaId": "62CD82CF-9013-4E54-B175-19B804A351AA", "versionEndExcluding": "14.1-12.35", "versionStartIncluding": "14.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "68E1F810-ABCD-40A7-A8C1-4E8727799C7C", "versionEndExcluding": "13.0-92.21", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "E870C309-D5CD-4181-9DEB-4833DE2EAEB7", "versionEndExcluding": "13.1-51.15", "versionStartIncluding": "13.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "2836707F-A36F-479E-BFDC-CF55AEFC37EE", "versionEndExcluding": "14.1-12.35", "versionStartIncluding": "14.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway\u00a0allows an attacker with\u00a0access\u00a0to NSIP, CLIP or SNIP with management interface to perform\u00a0Authenticated (low privileged) remote code execution on Management Interface."}, {"lang": "es", "value": "El control inadecuado de la generaci\u00f3n de c\u00f3digo (\"inyecci\u00f3n de c\u00f3digo\") en NetScaler ADC y NetScaler Gateway permite a un atacante con acceso a NSIP, CLIP o SNIP con interfaz de administraci\u00f3n realizar una ejecuci\u00f3n remota de c\u00f3digo autenticado (con privilegios bajos) en Management Interface."}], "id": "CVE-2023-6548", "lastModified": "2025-10-24T13:42:45.177", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.4, "source": "secure@citrix.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-17T20:15:50.627", "references": [{"source": "secure@citrix.com", "tags": ["Vendor Advisory"], "url": "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["US Government Resource"], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-6548"}], "sourceIdentifier": "secure@citrix.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "secure@citrix.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}