CVE-2023-6549
published 2024-01-17CVE-2023-6549: Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and…
PriorityP182high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
KEVITWEXPLOIT
CISA Known Exploited Vulnerabilitydue 2024-02-07
Exploited in the wild
EPSS
57.63%
99.0th percentile
Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_adc | — | — |
| citrix | citrix_gateway | — | — |
| citrix | netscaler_adc | — | — |
| citrix | netscaler_application_delivery_controller | >= 12.1 < 12.1-55.302 | 12.1-55.302 |
| citrix | netscaler_application_delivery_controller | >= 13.0 < 13.0-92.21 | 13.0-92.21 |
| citrix | netscaler_application_delivery_controller | >= 13.1 < 13.1-37.176 | 13.1-37.176 |
| citrix | netscaler_application_delivery_controller | >= 13.1 < 13.1-51.15 | 13.1-51.15 |
| citrix | netscaler_application_delivery_controller | >= 14.1 < 14.1-12.35 | 14.1-12.35 |
| citrix | netscaler_gateway | — | — |
| citrix | netscaler_gateway | >= 13.0 < 13.0-92.21 | 13.0-92.21 |
| citrix | netscaler_gateway | >= 13.1 < 13.1-51.15 | 13.1-51.15 |
| citrix | netscaler_gateway | >= 14.1 < 14.1-12.35 | 14.1-12.35 |
| citrix | xenserver | — | — |
| cloud_software_group | netscaler_adc | >= 12.1-FIPS < 55.302 | 55.302 |
| cloud_software_group | netscaler_adc | >= 12.1-NDcPP < 55.302 | 55.302 |
| cloud_software_group | netscaler_adc | >= 13.0 < 92.21 | 92.21 |
| cloud_software_group | netscaler_adc | >= 13.1 < 51.15 | 51.15 |
| cloud_software_group | netscaler_adc | >= 13.1-FIPS < 37.176 | 37.176 |
| cloud_software_group | netscaler_adc | >= 14.1 < 12.35 | 12.35 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vulncheck8.2HIGH
cisa7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulnCheck
Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability
vulncheck·2023·CVSS 8.2
CVE-2023-6549 [HIGH] CWE-119 Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability
Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability
Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for a denial-of-service when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
Affected: Citrix NetScaler ADC and NetScaler Gateway
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549; https://www.tenable.com/blog/cve-2023-6548-cve-2023-6549-zero-day-vulnerabilities-netscaler-adc-gateway-exploited; https://www.cisa.gov/sites/default/files/feeds/known_
VulnCheck
Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability
vulncheck·2023·CVSS 5.5
CVE-2023-6548 [MEDIUM] CWE-94 Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability
Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability
Citrix NetScaler ADC and NetScaler Gateway contain a code injection vulnerability that allows for authenticated remote code execution on the management interface with access to NSIP, CLIP, or SNIP.
Affected: Citrix NetScaler ADC and NetScaler Gateway
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549; https://www.tenable.com/blog/cve-2023-6548-cve-2023-6549-zero-day-vulnerabilities-netscaler-adc-gateway-exploited; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabiliti
CISA
Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability
cisa·2024-01-17·CVSS 7.5
CVE-2023-6549 [HIGH] CWE-119 Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability
Vulnerability: Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability
Affected: Citrix NetScaler ADC and NetScaler Gateway
Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for a denial-of-service when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes: https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549; https://nvd.nist.gov/vuln/detail/CVE-2023-6549
Remediation Due Date: 2024-02-07
Citrix
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549
vendor_citrix·2024-01-16·CVSS 8.8
CVE-2023-6548 [HIGH] CWE-119 NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549
Pre-requisites CWE CVE-2023-6548 Authenticated (low privileged) remote code execution on Management Interface Access to NSIP, CLIP or SNIP with management interface access CWE-94 CVE-2023-6549 Denial of Service and Out-Of-Bounds Memory Read Appliance must be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server CWE-119
CVE References: CVE-2023-6548, CVE-2023-6549
Affected Products: Citrix ADC, Citrix Gateway, NetScaler ADC, NetScaler Gateway, XenServer
Severity: High
Suricata
ET WEB_SPECIFIC_APPS Citrix Netscaler ADC & Gateway Unauthenticated Out-of-Bounds Memory Read (CVE-2023-6549)
suricata·2025-07-02·CVSS 8.2
CVE-2023-6549 [HIGH] ET WEB_SPECIFIC_APPS Citrix Netscaler ADC & Gateway Unauthenticated Out-of-Bounds Memory Read (CVE-2023-6549)
ET WEB_SPECIFIC_APPS Citrix Netscaler ADC & Gateway Unauthenticated Out-of-Bounds Memory Read (CVE-2023-6549)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Citrix Netscaler ADC & Gateway Unauthenticated Out-of-Bounds Memory Read (CVE-2023-6549)"; flow:established,to_server; http.uri; content:"/nf/auth/startwebview.do"; fast_pattern; http.host; isdataat:5394; reference:url,bishopfox.com/blog/netscaler-adc-and-gateway-advisory; reference:cve,2023-6549; classtype:web-application-attack; sid:2063271; rev:1; metadata:affected_product Citrix, attack_target Server, created_at 2025_07_02, cve CVE_2023_6549, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Exploit, updated_at 2025_07_02, mitre_tactic_id TA0001, mitre_tactic_name Initi
Nuclei
Citrix Netscaler ADC & Gateway - Out-Of-Bounds Memory Read
nuclei·CVSS 7.5
CVE-2023-6549 [HIGH] Citrix Netscaler ADC & Gateway - Out-Of-Bounds Memory Read
Citrix Netscaler ADC & Gateway - Out-Of-Bounds Memory Read
The vulnerability would enable an attacker to remotely obtain sensitive information from a NetScaler appliance configured as a Gateway or AAA virtual server via a very commonly connected Web interface, and without requiring authentication. This bug is nearly identical to the Citrix Bleed vulnerability (CVE-2023-4966), except it is less likely to return highly sensitive information to an attacker.
Template:
id: CVE-2023-6549
info:
name: Citrix Netscaler ADC & Gateway - Out-Of-Bounds Memory Read
author: ice3man
severity: critical
description: |
The vulnerability would enable an attacker to remotely obtain sensitive information from a NetScaler appliance configured as a Gateway or AAA virtual server via a very commonly connected W
Tenable
Verizon 2025 DBIR: Tenable Research Collaboration Shines a Spotlight on CVE Remediation Trends
blogs_tenable·2025-04-23
Verizon 2025 DBIR: Tenable Research Collaboration Shines a Spotlight on CVE Remediation Trends
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Tenable
Cybersecurity Snapshot: CISA Calls for Stamping Out Buffer Overflow Vulnerabilities, as Europol Tells Banks To Prep For Quantum Threat
blogs_tenable·2025-02-14
Cybersecurity Snapshot: CISA Calls for Stamping Out Buffer Overflow Vulnerabilities, as Europol Tells Banks To Prep For Quantum Threat
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Bleepingcomputer
Citrix warns admins to manually mitigate PuTTY SSH client bug
blogs_bleepingcomputer·2024-05-09·CVSS 5.9
CVE-2024-31497 [MEDIUM] Citrix warns admins to manually mitigate PuTTY SSH client bug
## Citrix warns admins to manually mitigate PuTTY SSH client bug
## Sergiu Gatlan
Citrix notified customers this week to manually mitigate a PuTTY SSH client vulnerability that could allow attackers to steal a XenCenter admin's private SSH key.
XenCenter helps manage Citrix Hypervisor environments from a Windows desktop, including deploying and monitoring virtual machines.
The security flaw ( tracked as CVE-2024-31497 ) impacts multiple versions of XenCenter for Citrix Hypervisor 8.2 CU1 LTSR, which bundle and use PuTTY to make SSH connections from XenCenter to guest VMs when clicking the "Open SSH Console" button.
Citrix says that the PuTTY third-party component has been removed starting with XenCenter 8.2.6, and any versions after 8.2.7 will no longer include it.
"An issue has been
Wiz
Crying Out Cloud - February Newsletter | Wiz
blogs_wiz·2024-02-01·CVSS 9.8
CVE-2023-33246 [CRITICAL] Crying Out Cloud - February Newsletter | Wiz
This month we’ve seen a lot of action, with both vulnerabilities and security incidents that have left users affected. We bring you the latest cloud security highlights, to help you stay informed and stay secure. Let's dive in.
Here are our top picks!
## 🐞 High Profile Vulnerabilities
Apache RocketMQ RCE vulnerability exploited in-the-wild
In August 2023 researchers identified attackers exploiting CVE-2023-33246, a critical vulnerability in Apache RocketMQ, to install the DreamBus bot, a malware strain last reported about publicly in 2021. On January 5, 2024 Apache stated that the patch for CVE-2023-33246 was in fact insufficient, and an additional CVE was assigned to the bypass - CVE-2023-37582. The latter vulnerability is also being exploited in the wild, so it is recommended to patc
Checkpoint
22nd January – Threat Intelligence Report
blogs_checkpoint·2024-01-22
CVE-2023-34063 22nd January – Threat Intelligence Report
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 22nd January – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 22nd January, please download our Threat_Intelligence Bulletin .
TOP ATTACKS AND BREACHES
Microsoft disclosed that they detected an attack against their systems by Russian state-sponsored actor known as Midnight Blizzard (aka Nobelium). The threat actor used a password spray attack to compromise a legacy non-production test tenant account and then accessed very small percentage of Microsoft corporate email acc
Bleepingcomputer
CISA pushes federal agencies to patch Citrix RCE within a week
blogs_bleepingcomputer·2024-01-17·CVSS 5.5
[MEDIUM] CISA pushes federal agencies to patch Citrix RCE within a week
## CISA pushes federal agencies to patch Citrix RCE within a week
## Sergiu Gatlan
Today, CISA ordered U.S. federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome zero-days actively exploited in attacks, pushing for a Citrix RCE bug to be patched within a week.
The cybersecurity agency added the flaws to its Known Exploited Vulnerabilities Catalog today, saying that such vulnerabilities are "frequent attack vectors for malicious cyber actors" that pose "significant risks to the federal enterprise."
Citrix urged customers on Tuesday to immediately patch Internet-exposed Netscaler ADC and Gateway appliances against the CVE-2023-6548 code injection vulnerability and the CVE-2023-6549 buffer overflow impacting the Netscaler management int
Bleepingcomputer
Citrix warns of new Netscaler zero-days exploited in attacks
blogs_bleepingcomputer·2024-01-16·CVSS 5.5
CVE-2023-6548 [MEDIUM] Citrix warns of new Netscaler zero-days exploited in attacks
## Citrix warns of new Netscaler zero-days exploited in attacks
## Sergiu Gatlan
Citrix urged customers on Tuesday to immediately patch Netscaler ADC and Gateway appliances exposed online against two actively exploited zero-day vulnerabilities.
The two zero-days (tracked as CVE-2023-6548 and CVE-2023-6549) impact the Netscaler management interface and expose unpatched Netscaler instances to remote code execution and denial-of-service attacks, respectively.
However, to gain code execution, attackers must be logged in to low-privilege accounts on the targeted instance and need access to NSIP, CLIP, or SNIP with management interface access.
Also, the appliances must be configured as a gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or an AAA virtual server to be vulnerable to Do
Tenable
CVE-2023-6548, CVE-2023-6549: Zero-Day Vulnerabilities Exploited in Citrix NetScaler ADC and NetScaler Gateway
blogs_tenable·2024-01-16·CVSS 5.5
[MEDIUM] CVE-2023-6548, CVE-2023-6549: Zero-Day Vulnerabilities Exploited in Citrix NetScaler ADC and NetScaler Gateway
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Greynoiseio
NoiseLetter March 2026
blogs_greynoiseio
NoiseLetter March 2026
Events, events… and yes, even more events. 🌍 GreyNoise has been on the move. March kept us busy with stops at eCrimes in London and SecIT in Hanover—but we’re just getting started. Over the next few months, we’ll be hitting the road for CrowdStrike CrowdTours across eight cities, heading to Glasgow to speak and sponsor CyberUK, and making our way to Tampa for H-ISAC. If you’ll be at any of these (or nearby), we’d love to connect.
And while we’ve been racking up miles, we haven’t slowed down on the research front. We’ve just released some exciting new findings—with even more coming in the next few weeks—so keep an eye out.
Thanks, as always, for being part of the GreyNoise community.
Featured
About this new report
Every enterprise firewall processes traffic from residential IP space. T
Greynoiseio
NoiseLetter May 2024
blogs_greynoiseio
NoiseLetter May 2024
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Find out immediately if an asset communicates with a malicious IP address
Vulnerability Prioritization Get real-time insight into active exploitation trends to better understand risk and severity
SOC Efficiency Filter out noisy, low priority and false-positive alerts from mass internet scanners
Incident Investigation Add context to incidents to speed the determinations of scope and timelines
Threat Hunting Quickly identify anomalous behavior and enrich your threat hunting campaigns
Why GreyNoise
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Fin
https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-6549
2024-01-17
Published
2024-01-17
Added to CISA KEV
Exploited in the wild