CVE-2023-6548: 
Citrix ADC VPX vulnerability analysis and mitigation

CVE-2023-6548 is a code injection vulnerability discovered in Citrix NetScaler ADC and NetScaler Gateway that was disclosed on January 16, 2024. The vulnerability allows an authenticated attacker with low-level privileges to perform remote code execution (RCE) on the management interface when they have access to NetScaler IP (NSIP), Subnet IP (SNIP), or cluster management IP (CLIP) (Arctic Wolf, Tenable).

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) by Citrix Systems, Inc. with a vector string of CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L. However, NIST's NVD assessment rates it higher with a CVSS score of 8.8 (High) and vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability specifically impacts the management interface of the affected systems (NVD).

If successfully exploited, this vulnerability allows an authenticated attacker with low privileges to execute remote code on the management interface of affected Citrix NetScaler ADC and NetScaler Gateway appliances (Tenable).

Citrix has released patches for affected versions and strongly recommends upgrading to the fixed versions: 14.1-12.35 and later releases, 13.1-51.15 and later releases of 13.1, 13.0-92.21 and later releases of 13.0, 13.1-FIPS 13.1-37.176 and later releases, 12.1-FIPS 12.1-55.302 and later releases, and 12.1-NDcPP 12.1-55.302 and later releases. Additionally, Citrix strongly recommends separating network traffic to the appliance's management interface either physically or logically and not exposing the management interface to the internet (Tenable).