CVE-2023-3467 : Privilege Escalation to root administrator (nsroot)

Privilege Escalation to root administrator (nsroot)

Published 2023-07-19 19:15:12

Updated 2023-07-28 14:54:03

Source Citrix Systems, Inc.

View at NVD, CVE.org

Vulnerability category: Gain privilege

Products affected by CVE-2023-3467

Citrix » Netscaler Application Delivery Controller » Fips Edition
Versions from including (>=) 12.1 and before (<) 12.1-55.297
cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*
Matching versions
Citrix » Netscaler Application Delivery Controller » Ndcpp Edition
Versions from including (>=) 12.1 and before (<) 12.1-55.297
cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*
Matching versions
Citrix » Netscaler Application Delivery Controller »
Versions from including (>=) 13.0 and before (<) 13.0-91.13
cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*
Matching versions
Citrix » Netscaler Application Delivery Controller » Fips Edition
Versions from including (>=) 13.1 and before (<) 13.1-37.159
cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*
Matching versions
Citrix » Netscaler Application Delivery Controller »
Versions from including (>=) 13.1 and before (<) 13.1-49.13
cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*
Matching versions
Citrix » Netscaler Application Delivery Controller » Version: 11.1-65.22 Fips Edition
cpe:2.3:a:citrix:netscaler_application_delivery_controller:11.1-65.22:*:*:*:fips:*:*:*
Matching versions
Citrix » Netscaler Gateway
Versions from including (>=) 13.1 and before (<) 13.1-49.13
cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*
Matching versions
Citrix » Netscaler Gateway
Versions from including (>=) 13.0 and before (<) 13.0-91.13
cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-3467

EPSS FAQ

0.11%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 26 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-3467

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
8.0	HIGH	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.1	5.9	NIST
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
8.0	HIGH	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.1	5.9	Citrix Systems, Inc.
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2023-3467

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Assigned by: secure@citrix.com (Secondary)

References for CVE-2023-3467

https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467

Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-3519, CVE-2023-3466, CVE-2023-3467
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-3467

Products affected by CVE-2023-3467

Exploit prediction scoring system (EPSS) score for CVE-2023-3467

CVSS scores for CVE-2023-3467

CWE ids for CVE-2023-3467

References for CVE-2023-3467