citrix netscaler-gateway CVE-2023-6549 vulnerability in Citrix Products
Published on January 17, 2024

Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service

Vendor Advisory NVD

Known Exploited Vulnerability

This Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for a denial-of-service when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

The following remediation steps are recommended / required by February 7, 2024: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Vulnerability Analysis

CVE-2023-6549 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

What is a Buffer Overflow Vulnerability?

The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

CVE-2023-6549 has been classified to as a Buffer Overflow vulnerability or weakness.


Products Associated with CVE-2023-6549

You can be notified by stack.watch whenever vulnerabilities like CVE-2023-6549 are published in these products:

Citrix Netscaler Gateway
 
Citrix Netscaler Application Delivery Controller
 

What versions are vulnerable to CVE-2023-6549?