⚠ Actively exploited
Added to CISA KEV on 2024-01-17. Federal agencies required to patch by 2024-01-24. Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
CVE-2023-6548 — Code Injection in Software Group Netscaler ADC
Severity
8.8 HIGH (NVD)
VulnCheck 8.2 | VulnCheck 5.5
EPSS
8.3%
top 7.72%
CISA KEV
KEV
Added 2024-01-17
Due 2024-01-24
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
Published: Jan 17
KEV added: Jan 17
KEV due: Jan 24
Latest update: Apr 23
Description
Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9
Affected Packages: 9 packages
🔴 Vulnerability Details (3)
GHSA
GHSA-w4rw-v3mm-hj8h: [PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR] (2024-01-17)
📋 Vendor Advisories (2)
🕵️ Threat Intelligence (6)
Tenable
Verizon 2025 DBIR: Tenable Research Collaboration Shines a Spotlight on CVE Remediation Trends (2025-04-23)