Unauthenticated Denial of Service Vulnerability
CVE-2023-6549

7.5 HIGH

Key Information:

Vendor
Cloud Software Group
Product
NetScaler ADC
CVE Published:
17 January 2024

Badges

👾 Exploit Exists | 🦅 CISA Reported | 📰 News Worthy

Summary

The vulnerability is an improper restriction of operations within the bounds of a memory buffer (CWE-119) in Citrix NetScaler ADC and NetScaler Gateway. It allows an unauthenticated, network-based attacker to cause a denial of service. Although the weakness class covers out-of-bounds reads, the published CVSS vector rates confidentiality and integrity impact as None, so the practical impact is loss of availability rather than disclosure of memory contents. Per the vendor bulletin, the appliance is only exposed when it is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server. Organizations running affected builds should upgrade to a fixed build; no configuration workaround is published for this issue.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified this one as being exploited in the wild, but it is not known by CISA to be used in ransomware campaigns. This status is subject to change at pace.

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

NetScaler ADC 14.1 before 14.1-12.35

NetScaler ADC 13.1 before 13.1-51.15

NetScaler ADC 13.0 before 13.0-92.21

The same fixed builds apply to NetScaler Gateway on each branch. The vendor bulletin also lists NetScaler ADC 13.1-FIPS before 13.1-37.176, 12.1-FIPS before 12.1-55.302 and 12.1-NDcPP before 12.1-55.302; the non-FIPS 12.1 branch is end of life and received no fix.
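A practitioner triaging a fleet needs to compare the build reported by `show ns version` against the fixed builds numerically, not as strings (as strings, "92.9" sorts after "92.21"). The following is an added example, not code from the page, the vendor or CISA; it assumes the `show ns version` output contains a line shaped like `NetScaler NS13.1: Build 51.15.nc, Date: ...` and that FIPS/NDcPP appliances are identified out of band (the version line alone does not say which build family is running).

```python
import re

# Fixed builds from the vendor bulletin for CVE-2023-6549 (standard builds).
# A build strictly below the listed one on the same branch is unpatched.
FIXED_BUILDS = {
    "14.1": (12, 35),
    "13.1": (51, 15),
    "13.0": (92, 21),
}

# Fixed builds for the FIPS / NDcPP build families (same bulletin).
FIXED_BUILDS_FIPS = {
    "13.1": (37, 176),
    "12.1": (55, 302),
}

# Assumed layout of the `show ns version` line, e.g.
#   NetScaler NS13.1: Build 51.15.nc, Date: Jan 9 2024, 10:43:44   (64bit)
VERSION_RE = re.compile(
    r"NetScaler NS(?P<branch>\d+\.\d+):\s*Build\s+(?P<build>\d+\.\d+)"
)


def parse_version(line: str):
    """Return (branch, (build_major, build_minor)) from a version line.

    The build is returned as an int tuple so that comparisons are numeric:
    (92, 9) < (92, 21), which a plain string comparison would get wrong.
    """
    m = VERSION_RE.search(line)
    if not m:
        raise ValueError(f"unrecognised version line: {line!r}")
    build = tuple(int(x) for x in m.group("build").split("."))
    return m.group("branch"), build


def is_vulnerable(line: str, fips: bool = False):
    """True if the build is below the fixed build for CVE-2023-6549.

    Returns None when the branch has no fixed build in the table (for
    example the end-of-life non-FIPS 12.1 branch), which an operator should
    treat as unpatched rather than as safe.
    """
    branch, build = parse_version(line)
    table = FIXED_BUILDS_FIPS if fips else FIXED_BUILDS
    fixed = table.get(branch)
    if fixed is None:
        return None
    return build < fixed


if __name__ == "__main__":
    # Constructed sample lines, not captured from real appliances.
    samples = [
        ("NetScaler NS13.0: Build 92.19.nc, Date: Dec 1 2023, 10:43:44   (64bit)", False),
        ("NetScaler NS13.0: Build 92.21.nc, Date: Jan 9 2024, 10:43:44   (64bit)", False),
        ("NetScaler NS13.1: Build 51.9.nc, Date: Nov 6 2023, 21:04:21   (64bit)", False),
        ("NetScaler NS12.1: Build 65.39.nc, Date: Sep 21 2023, 08:12:00   (64bit)", False),
        ("NetScaler NS13.1: Build 37.180.nc, Date: Jan 9 2024, 10:43:44   (64bit)", True),
    ]
    for line, fips in samples:
        print(f"{'FIPS ' if fips else ''}{line.split(',')[0]} -> vulnerable={is_vulnerable(line, fips=fips)}")
```

A build below the fixed build is only reachable for this CVE when a VPN, ICA Proxy, CVPN, RDP Proxy or AAA virtual server is configured, so pair the version check with the appliance's virtual server inventory before prioritising, but patch regardless, since that configuration can be added later.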

News Articles

CVE-2023-6548 & CVE-2023-6549: DoS and RCE Vulnerabilities Exploited in Citrix NetScaler ADC and NetScaler Gateway - Arctic Wolf

On January 16, 2024, Citrix published a security bulletin disclosing two zero-day vulnerabilities (CVE-2023-6548 & CVE-2023-6549) being actively exploited in Citrix NetScaler ADC and NetScaler Gateway.   CVE-2023-6548 CVSS 5.5 – Medium Actively Exploited? Code injection vulnerability on the Manageme...

1 year ago

Citrix Discloses Actively Exploited NetScaler ADC and Gateway Flaws

Flaws in Citrix NetScaler and ADC Gateway have historically been targeted by threat actors, though researchers don’t believe the impact of these two bugs to match that of CitrixBleed.

1 year ago

CISA urges urgent patching of two actively exploited Citrix NetScaler vulnerabilities | Malwarebytes

CISA has added two Citrix NetScaler vulnerabilities to its vulnerability catalog, with a very short deadline to patch.

1 year ago

References

EPSS Score

1% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾 Exploit known to exist
  • 🦅 CISA Reported
  • Vulnerability published
  • 📰 First article discovered by BornCity
  • Vulnerability Reserved

Collectors

NVD Database | Mitre Database | CISA Database | 14 News Article(s)