cbcvebase.
CVE-2023-6549
published 2024-01-17

CVE-2023-6549: Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and…

Priority: P182 | high | 7.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
KEV | ITW | EXPLOIT
CISA Known Exploited Vulnerability, due 2024-02-07
Exploited in the wild
EPSS: 57.63% (99.0th percentile)
Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read

Affected

19 ranges
Vendor | Product | Version range | Fixed in
citrix | citrix_adc | |
citrix | citrix_gateway | |
citrix | netscaler_adc | |
citrix | netscaler_application_delivery_controller | >= 12.1 < 12.1-55.302 | 12.1-55.302
citrix | netscaler_application_delivery_controller | >= 13.0 < 13.0-92.21 | 13.0-92.21
citrix | netscaler_application_delivery_controller | >= 13.1 < 13.1-37.176 | 13.1-37.176
citrix | netscaler_application_delivery_controller | >= 13.1 < 13.1-51.15 | 13.1-51.15
citrix | netscaler_application_delivery_controller | >= 14.1 < 14.1-12.35 | 14.1-12.35
citrix | netscaler_gateway | |
citrix | netscaler_gateway | >= 13.0 < 13.0-92.21 | 13.0-92.21
citrix | netscaler_gateway | >= 13.1 < 13.1-51.15 | 13.1-51.15
citrix | netscaler_gateway | >= 14.1 < 14.1-12.35 | 14.1-12.35
citrix | xenserver | |
cloud_software_group | netscaler_adc | >= 12.1-FIPS < 55.302 | 55.302
cloud_software_group | netscaler_adc | >= 12.1-NDcPP < 55.302 | 55.302
cloud_software_group | netscaler_adc | >= 13.0 < 92.21 | 92.21
cloud_software_group | netscaler_adc | >= 13.1 < 51.15 | 51.15
cloud_software_group | netscaler_adc | >= 13.1-FIPS < 37.176 | 37.176
cloud_software_group | netscaler_adc | >= 14.1 < 12.35 | 12.35

CVSS provenance

nvd: v3.1, 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vulncheck: 8.2 HIGH
cisa: 7.5 HIGH