CVE-2023-6549

Warnung

EPSS 16.34%
Veröffentlicht 17.01.2024 21:15:11
Zuletzt bearbeitet 27.01.2025 21:48:20
Quelle secure@citrix.com
Teams Watchlist Login
Unerledigt Login

Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read

Betroffene Produkte Warnungen 1 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Citrix ≫ Netscaler Application Delivery Controller SwEditionfips Version >= 12.1 < 12.1-55.302

Citrix ≫ Netscaler Application Delivery Controller SwEditionndcpp Version >= 12.1 < 12.1-55.302

Citrix ≫ Netscaler Application Delivery Controller SwEdition- Version >= 13.0 < 13.0-92.21

Citrix ≫ Netscaler Application Delivery Controller SwEditionfips Version >= 13.1 < 13.1-37.176

Citrix ≫ Netscaler Application Delivery Controller SwEdition- Version >= 13.1 < 13.1-51.15

Citrix ≫ Netscaler Application Delivery Controller SwEdition- Version >= 14.1 < 14.1-12.35

Citrix ≫ NetScaler Gateway Version >= 13.0 < 13.0-92.21

Citrix ≫ NetScaler Gateway Version >= 13.1 < 13.1-51.15

Citrix ≫ NetScaler Gateway Version >= 14.1 < 14.1-12.35

17.01.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability

Schwachstelle

Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for a denial-of-service when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

Beschreibung

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	16.34%	0.946

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
secure@citrix.com	8.2	3.9	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-6549

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-6549

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-6549

EUVD