{"id":32855,"date":"2024-01-16T15:04:37","date_gmt":"2024-01-16T14:04:37","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=32855"},"modified":"2024-01-16T15:12:05","modified_gmt":"2024-01-16T14:12:05","slug":"netscaler-adc-and-netscaler-gateway-vulnerabilities-cve-2023-6548-and-cve-2023-6549","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2024\/01\/16\/netscaler-adc-and-netscaler-gateway-vulnerabilities-cve-2023-6548-and-cve-2023-6549\/","title":{"rendered":"NetScaler ADC and NetScaler Gateway vulnerabilities CVE-2023-6548 and CVE-2023-6549"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" title=\"Sicherheit (Pexels, allgemeine Nutzung)\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" alt=\"Sicherheit (Pexels, allgemeine Nutzung)\" width=\"200\" align=\"left\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2024\/01\/16\/netscaler-adc-und-netscaler-gateway-schwachstellen-cve-2023-6548-und-cve-2023-6549\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]Administrators of a Citrix NetScaler ADC or a Citrix NetScaler Gateway should take action. Manufacturer Citrix has published a security advisory regarding the two vulnerabilities CVE-2023-6548 and CVE-2023-6549 in the above-mentioned products on January 16, 2024. One vulnerability allows DDoS attacks, while the second vulnerability allows authenticated (low privileged) remote code execution on the management interface.<\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vg06.met.vgwort.de\/na\/b121e4ba8bfd439eafdb9960d0970550\" alt=\"\" width=\"1\" height=\"1\" \/>I became aware of the issue via the following tweet from Thorsten E. 
Citrix has published <a href=\"https:\/\/support.citrix.com\/article\/CTX584986\/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549\" target=\"_blank\" rel=\"noopener\">this security advisory<\/a> with details on the vulnerabilities CVE-2023-6548 and CVE-2023-6549 in NetScaler ADC and NetScaler Gateway.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/i.postimg.cc\/8CWjqdDd\/image.png\" \/><\/p>\n<p>Regarding the vulnerabilities, Citrix provides the following explanations about their characteristics:<\/p>\n<ul>\n<li>CVE-2023-6548: Authenticated (low privileged) remote code execution on the management interface; requires access to NSIP, CLIP or SNIP with access to the management interface, CVSS 5.5.<\/li>\n<li>CVE-2023-6549: Denial of Service; the appliance must be configured as a gateway (virtual VPN server, ICA proxy, CVPN, RDP proxy) or virtual AAA server, CVSS 8.2.<\/li>\n<\/ul>\n<p>The following supported versions of NetScaler ADC and NetScaler Gateway are affected by the vulnerabilities:<\/p>\n<ul>\n<li>NetScaler ADC and NetScaler Gateway 14.1 before 14.1-12.35<\/li>\n<li>NetScaler ADC and NetScaler Gateway 13.1 before 13.1-51.15<\/li>\n<li>NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.21<\/li>\n<li>NetScaler ADC 13.1-FIPS before 13.1-37.176<\/li>\n<li>NetScaler ADC 12.1-FIPS before 12.1-55.302<\/li>\n<li>NetScaler ADC 12.1-NDcPP before 12.1-55.302<\/li>\n<\/ul>\n<p>NetScaler ADC and NetScaler Gateway version 12.1 is now End Of Life (EOL) and vulnerable. This bulletin applies only to customer-managed NetScaler ADC and NetScaler Gateway products. Customers using Citrix-managed cloud services or Citrix-managed Adaptive Authentication do not need to take any action. 
The Citrix article lists the software versions in which the vulnerabilities have been fixed:<\/p>\n<ul>\n<li>NetScaler ADC and NetScaler Gateway 14.1-12.35 and later versions<\/li>\n<li>NetScaler ADC and NetScaler Gateway 13.1-51.15 and later versions of 13.1<\/li>\n<li>NetScaler ADC and NetScaler Gateway 13.0-92.21 and later versions of 13.0<\/li>\n<li>NetScaler ADC 13.1-FIPS 13.1-37.176 and later versions of 13.1-FIPS<\/li>\n<li>NetScaler ADC 12.1-FIPS 12.1-55.302 and later versions of 12.1-FIPS<\/li>\n<li>NetScaler ADC 12.1-NDcPP 12.1-55.302 and later versions of 12.1-NDcPP<\/li>\n<\/ul>\n<p>Customers running NetScaler ADC and NetScaler Gateway in version 12.1 must upgrade to a successor version to remain protected against the vulnerability.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Administrators of a Citrix NetScaler ADC or a Citrix NetScaler Gateway should take action. Manufacturer Citrix has published a security advisory regarding the two vulnerabilities CVE-2023-6548 and CVE-2023-6549 in the above-mentioned products on January 16, 2024. 
One vulnerability allows DDoS &hellip; <a href=\"https:\/\/borncity.com\/win\/2024\/01\/16\/netscaler-adc-and-netscaler-gateway-vulnerabilities-cve-2023-6548-and-cve-2023-6549\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547],"tags":[2222,69],"class_list":["post-32855","post","type-post","status-publish","format-standard","hentry","category-security","category-software","tag-citrix","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/32855","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=32855"}],"version-history":[{"count":2,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/32855\/revisions"}],"predecessor-version":[{"id":32857,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/32855\/revisions\/32857"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=32855"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=32855"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=32855"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}