Cyber Resilience

CVE-2023-6548

MediumCISA KEVActive ExploitationEUVD Exploited

Published: 17 January 2024

Published
17 January 2024
Modified
24 October 2025
KEV Added
17 January 2024
Patch
CVSS Score v3.1 5.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS Score 0.0649 91.3th percentile
Risk Priority 35 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-6548 is a medium-severity Code Injection (CWE-94) vulnerability in Citrix Netscaler Application Delivery Controller. Its CVSS base score is 5.5 (Medium).

Operationally, ranked in the top 8.7% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-6 (Least Privilege).

Deeper analysis

CVE-2023-6548 is a code injection vulnerability (CWE-94) affecting NetScaler ADC and NetScaler Gateway. It stems from improper control of code generation and permits an authenticated low-privileged attacker who already has network access to the NSIP, CLIP, or SNIP management interface to execute arbitrary code on that interface. The flaw carries a CVSS v3.1 score of 5.5 with an adjacent-network attack vector and low attack complexity.

An attacker positioned on the management network and possessing valid low-privileged credentials can leverage the injection flaw to run commands on the management plane, achieving limited confidentiality, integrity, and availability impacts without user interaction.

Citrix security bulletin CTX584986 addresses both CVE-2023-6548 and the related CVE-2023-6549, providing remediation guidance and updated builds for affected NetScaler ADC and Gateway versions. The vulnerability is also listed in CISA’s Known Exploited Vulnerabilities catalog.

EPSS for the CVE reached a recorded peak of 0.1039 before receding to the current value of 0.0649, indicating a modest post-disclosure increase in observed exploitation interest.

EU & UK References

Vulnerability details

Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.

CWE(s)
KEV Date Added
17 January 2024

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

citrix
netscaler application delivery controller
12.1 — 12.1-55.302 · 12.1 — 12.1-55.302 · 13.0 — 13.0-92.21
citrix
netscaler gateway
13.0 — 13.0-92.21 · 13.1 — 13.1-51.15 · 14.1 — 14.1-12.35

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly counters the CWE-94 code injection by requiring validation of all inputs on the management interface before code generation occurs.

prevent

Enforces least-privilege restrictions so a low-privileged authenticated user on NSIP/CLIP/SNIP cannot reach code-generation paths even if the injection flaw exists.

prevent

Restricts the ability to modify or generate code/configuration on the NetScaler management interface to only authorized, privileged subjects.

References