Citrix » Netscaler Application Delivery Controller : Security Vulnerabilities, CVEs,
CVE-2023-6549
Known exploited
Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service
Max CVSS
8.2
EPSS Score
0.60%
Published
2024-01-17
Updated
2024-01-24
CISA KEV Added
2024-01-17
CVE-2023-6548
Known exploited
Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.
Max CVSS
8.8
EPSS Score
1.57%
Published
2024-01-17
Updated
2024-01-25
CISA KEV Added
2024-01-17
Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server
Max CVSS
8.2
EPSS Score
0.05%
Published
2023-10-27
Updated
2023-11-07
CVE-2023-4966
Known exploited
Public exploit
Used for ransomware
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
Max CVSS
9.4
EPSS Score
96.49%
Published
2023-10-10
Updated
2024-02-29
CISA KEV Added
2023-10-18
CVE-2023-3519
Known exploited
Public exploit
Used for ransomware
Unauthenticated remote code execution
Max CVSS
9.8
EPSS Score
91.19%
Published
2023-07-19
Updated
2023-08-04
CISA KEV Added
2023-07-19
Privilege Escalation to root administrator (nsroot)
Max CVSS
8.0
EPSS Score
0.04%
Published
2023-07-19
Updated
2023-07-28
Reflected Cross-Site Scripting (XSS)
Max CVSS
8.3
EPSS Score
0.05%
Published
2023-07-19
Updated
2023-07-28
Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt.
Max CVSS
7.5
EPSS Score
0.12%
Published
2018-03-01
Updated
2019-10-03
8 vulnerabilities found