Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:94CC80E080B7FF680EFB0AEC3D170D8B
HistoryAug 09, 2023 - 12:00 a.m.

Citrix ADC nsppe buffer overflow

2023-08-0900:00:00
SAINT Corporation
my.saintcorporation.com
63
citrix adc
buffer overflow
nsppe process
unauthenticated attacker
http get request
arbitrary commands
upgrade
citrix vpx
linux

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.912 High

EPSS

Percentile

98.9%

JSON

Added: 08/09/2023
CVE: CVE-2023-3519

Background

Citrix ADC (formerly NetScaler ADC) is an application delivery and load balancing platform.

Problem

A buffer overflow vulnerability in the **nsppe** process in Citrix ADC allows an unauthenticated attacker to execute arbitrary commands by making a specially crafted HTTP GET request.

Resolution

Upgrade to Citrix ADC 13.0-91.13 or 13.1-49.13 or higher.

References

<https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467&gt;

Limitations

Exploit works on Citrix VPX 13.1-48.47.

Platforms

Linux

Related

prion 1
thn 8
impervablog 1
malwarebytes 3
githubexploit 10
cve 1
attackerkb 1
saint 1
metasploit 1
packetstorm 1
cvelist 1
nvd 1
cisa_kev 1
zdt 1
rapid7blog 4
ics 1
nessus 1
citrix 1
trellix 2
securelist 1
prion
prion
Remote code execution
2023-07-19 18:15:00
thn
thn
Citrix NetScaler Alert: Ransomware Hackers Exploiting Critical Vulnerability
2023-08-29 09:17:00
Nearly 2,000 Citrix NetScaler Instances Hacked via Critical Vulnerability
2023-08-16 04:20:00
Citrix NetScaler ADC and Gateway Devices Under Attack: CISA Urges Immediate Action
2023-07-21 05:26:00
impervablog
impervablog
CVE-2023-3519: NetScaler (Citrix) RCE Blocked By Imperva
2023-07-23 09:46:23
malwarebytes
malwarebytes
A week in security (July 17 - 23)
2023-07-24 02:00:00
CISA: You've got two weeks to patch Citrix NetScaler vulnerability CVE-2023-3519
2023-07-21 14:00:00
Citrix NetScalers backdoored in widespread exploitation campaign
2023-08-17 01:00:00
githubexploit
githubexploit
Exploit for Code Injection in Citrix Netscaler Application Delivery Controller
2023-08-05 01:43:16
Exploit for Code Injection in Citrix Netscaler Application Delivery Controller
2023-07-21 23:48:11
Exploit for Code Injection in Citrix Netscaler Application Delivery Controller
2023-07-21 11:02:21
cve
cve
CVE-2023-3519
2023-07-19 18:15:11
attackerkb
attackerkb
CVE-2023-3519
2023-07-31 00:00:00
saint
saint
Citrix ADC nsppe buffer overflow
2023-08-09 00:00:00
metasploit
metasploit
Citrix ADC (NetScaler) Forms SSO Target RCE
2023-07-31 21:30:52
packetstorm
packetstorm
Citrix ADC (NetScaler) Remote Code Execution
2023-08-04 00:00:00
cvelist
cvelist
CVE-2023-3519
2023-07-19 17:51:39
nvd
nvd
CVE-2023-3519
2023-07-19 18:15:11
cisa_kev
cisa_kev
Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability
2023-07-19 00:00:00
zdt
zdt
Citrix ADC (NetScaler) Remote Code Execution Exploit
2023-08-08 00:00:00
rapid7blog
rapid7blog
What’s New in InsightVM and Nexpose: Q3 2023 in Review
2023-09-29 19:42:26
Metasploit weekly wrap-up
2023-08-11 15:22:20
Critical Zero-Day Vulnerability in Citrix NetScaler ADC and NetScaler Gateway
2023-07-18 15:28:45
ics
ics
Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells
2023-07-20 12:00:00
nessus
nessus
Citrix ADC and Citrix Gateway Multiple Vulnerabilities (CTX561482)
2023-07-18 00:00:00
citrix
citrix
Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-3519, CVE-2023-3466, CVE-2023-3467
2023-07-18 13:43:46
trellix
trellix
The Bug Report - July 2023 Edition
2023-08-02 00:00:00
The Bug Report - July 2023 Edition
2023-08-02 00:00:00
securelist
securelist
IT threat evolution in Q3 2023. Non-mobile statistics
2023-12-01 10:00:03

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.912 High

EPSS

Percentile

98.9%

JSON
Related for SAINT:94CC80E080B7FF680EFB0AEC3D170D8B
prion1thn8impervablog1malwarebytes3githubexploit10cve1attackerkb1saint1metasploit1packetstorm1cvelist1nvd1cisa_kev1zdt1rapid7blog4ics1nessus1citrix1trellix2securelist1