CVE-2023-6549

Warning

EPSS 16.34%
Published 17.01.2024 21:15:11
Last modified 27.01.2025 21:48:20
Source secure@citrix.com
Teams watchlist Login
Open Login

Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read

Affected products Warnungen 1 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Citrix ≫ Netscaler Application Delivery Controller SwEditionfips Version >= 12.1 < 12.1-55.302

Citrix ≫ Netscaler Application Delivery Controller SwEditionndcpp Version >= 12.1 < 12.1-55.302

Citrix ≫ Netscaler Application Delivery Controller SwEdition- Version >= 13.0 < 13.0-92.21

Citrix ≫ Netscaler Application Delivery Controller SwEditionfips Version >= 13.1 < 13.1-37.176

Citrix ≫ Netscaler Application Delivery Controller SwEdition- Version >= 13.1 < 13.1-51.15

Citrix ≫ Netscaler Application Delivery Controller SwEdition- Version >= 14.1 < 14.1-12.35

Citrix ≫ NetScaler Gateway Version >= 13.0 < 13.0-92.21

Citrix ≫ NetScaler Gateway Version >= 13.1 < 13.1-51.15

Citrix ≫ NetScaler Gateway Version >= 14.1 < 14.1-12.35

17.01.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability

Vulnerability

Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for a denial-of-service when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

Description

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	16.34%	0.946

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
secure@citrix.com	8.2	3.9	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-6549

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-6549

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-6549

EUVD