CVE-2023-24487: Arbitrary File Read in Citrix ADC & Gateway
CVE-2023-24487 Published on July 10, 2023

Arbitrary file read
Arbitrary file read in Citrix ADC and Citrix Gateway?

NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

LOW

Integrity Impact:

LOW

Availability Impact:

LOW

Weakness Type

Incorrect Check of Function Return Value

The software incorrectly checks a return value from a function, which prevents the software from detecting errors or exceptional conditions. Important and common functions will return some value about the success of its actions. This will alert the program whether or not to handle any errors caused by that function.

Products Associated with CVE-2023-24487

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-24487 are published in these products:

Citrix Application Delivery Controller

Citrix Gateway

Affected Versions

Citrix ADC and Citrix Gateway :

Version 13.1 and below 13.1-45.61 is affected.
Version 13.0 and below 13.0-90.11  is affected.
Version 12.1 and below 12.1-65.35 is affected.
Version 12.1-FIPS and below 12.1-55.296 is affected.
Version 13.1-FIPS and below 13.1-37.150 is affected.
Version 12.1-NDcPP and below 12.1-55.296 is affected.

Exploit Probability

EPSS

22.39%

Percentile

95.70%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.