nvd-json-data-feeds/CVE-2023/CVE-2023-65xx/CVE-2023-6549.json

{
  "id": "CVE-2023-6549",
  "sourceIdentifier": "secure@citrix.com",
  "published": "2024-01-17T21:15:11.690",
  "lastModified": "2025-01-27T21:48:20.317",
  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and\u00a0Out-Of-Bounds Memory Read\n"
    },
    {
      "lang": "es",
      "value": "La restricci\u00f3n inadecuada de las operaciones dentro de los l\u00edmites de un b\u00fafer de memoria en NetScaler ADC y NetScaler Gateway permite una denegaci\u00f3n de servicio no autenticada"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "secure@citrix.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.2
      },
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      }
    ]
  },
  "cisaExploitAdd": "2024-01-17",
  "cisaActionDue": "2024-02-07",
  "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability",
  "weaknesses": [
    {
      "source": "secure@citrix.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ]
    },
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*",
              "versionStartIncluding": "12.1",
              "versionEndExcluding": "12.1-55.302",
              "matchCriteriaId": "E5672003-8E6B-4316-B5C9-FE436080ADD1"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*",
              "versionStartIncluding": "12.1",
              "versionEndExcluding": "12.1-55.302",
              "matchCriteriaId": "D1A11ABD-4F45-4BA9-B30B-F1D8A612CC15"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
              "versionStartIncluding": "13.0",
              "versionEndExcluding": "13.0-92.21",
              "matchCriteriaId": "FC0A5AAC-62DD-416A-A801-A7A95D5EF73C"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*",
              "versionStartIncluding": "13.1",
              "versionEndExcluding": "13.1-37.176",
              "matchCriteriaId": "8C8A6B95-8338-4EE7-A6EC-7D84AEDC4AF3"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
              "versionStartIncluding": "13.1",
              "versionEndExcluding": "13.1-51.15",
              "matchCriteriaId": "3CF77D9D-FC89-493D-B97D-F9699D182F54"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
              "versionStartIncluding": "14.1",
              "versionEndExcluding": "14.1-12.35",
              "matchCriteriaId": "62CD82CF-9013-4E54-B175-19B804A351AA"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "13.0",
              "versionEndExcluding": "13.0-92.21",
              "matchCriteriaId": "68E1F810-ABCD-40A7-A8C1-4E8727799C7C"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "13.1",
              "versionEndExcluding": "13.1-51.15",
              "matchCriteriaId": "E870C309-D5CD-4181-9DEB-4833DE2EAEB7"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "14.1",
              "versionEndExcluding": "14.1-12.35",
              "matchCriteriaId": "2836707F-A36F-479E-BFDC-CF55AEFC37EE"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549",
      "source": "secure@citrix.com",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}