CVE-2023-6549: 
Citrix ADC VPX vulnerability analysis and mitigation

CVE-2023-6549 is a buffer overflow vulnerability affecting Citrix NetScaler ADC and NetScaler Gateway products. The vulnerability was disclosed on January 16, 2024, and is being actively exploited in the wild. This security flaw allows unauthenticated attackers to cause Denial of Service (DoS) and perform Out-Of-Bounds Memory Read operations. The vulnerability affects systems configured as a gateway or AAA virtual server (Arctic Wolf).

The vulnerability has been assigned a CVSS v3.1 base score of 8.2 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H. To be susceptible to DoS attacks, the appliances must be set up either as a gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server. The vulnerability stems from improper restriction of operations within the bounds of a memory buffer (NVD).

The successful exploitation of this vulnerability can lead to Denial of Service (DoS) conditions and Out-Of-Bounds Memory Read operations. This can potentially disrupt critical services and affect the availability of affected systems (Arctic Wolf).

Citrix has released fixed versions for affected products. Organizations should upgrade to the following versions: NetScaler ADC and Gateway 14.1-12.35 and later releases, 13.1-51.15 and later releases of 13.1, 13.0-92.21 and later releases of 13.0, 13.1-FIPS 13.1-37.176 and later releases, 12.1-FIPS 12.1-55.302 and later releases, and 12.1-NDcPP 12.1-55.302 and later releases. Note that version 12.1 has reached End of Life (EOL) (Arctic Wolf).

The vulnerability has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply vendor patches by February 7, 2024. This addition highlights the severity and active exploitation status of the vulnerability (NVD).