HIGH SEVERITY
CVE-2023-6549 Citrix · NetScaler ADC and NetScaler Gateway

Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability

Technical Severity

CVSS v3.1 Metrics

HIGH
8.2 / 10
Vector Specification
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Exploitation Likelihood

EPSS Prediction

Predictive Probability: 77.01%
Percentile Rank: 98.9th

Documented as more likely to be exploited than 98.9% of known CVEs.

Detection Date

Jan 17, 2024

Remediation Due

Feb 07, 2024

CISA Catalog Active

Threat Analysis

Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for a denial-of-service when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

Remediation Directive

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
