CVE-2023-6548
Published: 17 January 2024
Summary
CVE-2023-6548 is a medium-severity Code Injection (CWE-94) vulnerability in Citrix Netscaler Application Delivery Controller. Its CVSS base score is 5.5 (Medium).
Operationally, ranked in the top 8.7% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-6 (Least Privilege).
Deeper analysis
CVE-2023-6548 is a code injection vulnerability (CWE-94) affecting NetScaler ADC and NetScaler Gateway. It stems from improper control of code generation and permits an authenticated low-privileged attacker who already has network access to the NSIP, CLIP, or SNIP management interface to execute arbitrary code on that interface. The flaw carries a CVSS v3.1 score of 5.5 with an adjacent-network attack vector and low attack complexity.
An attacker positioned on the management network and possessing valid low-privileged credentials can leverage the injection flaw to run commands on the management plane, achieving limited confidentiality, integrity, and availability impacts without user interaction.
Citrix security bulletin CTX584986 addresses both CVE-2023-6548 and the related CVE-2023-6549, providing remediation guidance and updated builds for affected NetScaler ADC and Gateway versions. The vulnerability is also listed in CISA’s Known Exploited Vulnerabilities catalog.
EPSS for the CVE reached a recorded peak of 0.1039 before receding to the current value of 0.0649, indicating a modest post-disclosure increase in observed exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-58778
Vulnerability details
Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.
- CWE(s)
- KEV Date Added
- 17 January 2024
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly counters the CWE-94 code injection by requiring validation of all inputs on the management interface before code generation occurs.
Enforces least-privilege restrictions so a low-privileged authenticated user on NSIP/CLIP/SNIP cannot reach code-generation paths even if the injection flaw exists.
Restricts the ability to modify or generate code/configuration on the NetScaler management interface to only authorized, privileged subjects.