CVE-2023-6548

CVE-2023-6548 is a significant vulnerability discovered in Citrix's NetScaler ADC and NetScaler Gateway. The flaw, identified as a code injection issue within the management interface, allows for remote code execution by an authenticated hacker. This security loophole could be exploited through a specially designed request, providing potential attackers with a dangerous avenue to infiltrate and manipulate the system. The exploitation of this vulnerability (CVSS score of 5) requires access to NSIP, CLIP, or SNIP with the management interface. Although the exploit necessitates authenticated access, even low privileged users could potentially perform remote code execution on the Management Interface. This makes CVE-2023-6548 a considerable threat, as it broadens the pool of potential offenders beyond just high-level users. To mitigate the risks associated with CVE-2023-6548 and another vulnerability (CVE-2023-6549), Citrix released security updates for NetScaler ADC and NetScaler Gateway. These updates aim to address these vulnerabilities and enhance the overall security of their systems. Users are advised to apply these updates promptly to protect their systems from potential attacks.