CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
AI Score
Confidence
Low
EPSS
Percentile
87.7%
SSVC
Exploitation
active
Automatable
no
Technical Impact
total
Improper Control of Generation of Code (‘Code Injection’) in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.
[
{
"cpes": [
"cpe:2.3:a:citrix:netscaler_application_delivery_controller:14.1:*:*:*:-:*:*:*"
],
"vendor": "citrix",
"product": "netscaler_application_delivery_controller",
"versions": [
{
"status": "affected",
"version": "14.1",
"lessThan": "14.1-12.35",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1:*:*:*:-:*:*:*"
],
"vendor": "citrix",
"product": "netscaler_application_delivery_controller",
"versions": [
{
"status": "affected",
"version": "13.1",
"lessThan": "13.1-51.15",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.0:*:*:*:-:*:*:*"
],
"vendor": "citrix",
"product": "netscaler_application_delivery_controller",
"versions": [
{
"status": "affected",
"version": "13.0",
"lessThan": "13.0-92.21",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1:*:*:*:fips:*:*:*"
],
"vendor": "citrix",
"product": "netscaler_application_delivery_controller",
"versions": [
{
"status": "affected",
"version": "13.1",
"lessThan": "13.1-37.176",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.1:*:*:*:fips:*:*:*"
],
"vendor": "citrix",
"product": "netscaler_application_delivery_controller",
"versions": [
{
"status": "affected",
"version": "12.1",
"lessThan": "12.1-55.302",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.1:*:*:*:ndcpp:*:*:*"
],
"vendor": "citrix",
"product": "netscaler_application_delivery_controller",
"versions": [
{
"status": "affected",
"version": "12.1",
"lessThan": "12.1-55.302",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:citrix:netscaler_gateway:14.1:*:*:*:*:*:*:*"
],
"vendor": "citrix",
"product": "netscaler_gateway",
"versions": [
{
"status": "affected",
"version": "14.1",
"lessThan": "14.1-12.35",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:citrix:netscaler_gateway:13.1:*:*:*:*:*:*:*"
],
"vendor": "citrix",
"product": "netscaler_gateway",
"versions": [
{
"status": "affected",
"version": "13.1",
"lessThan": "13.1-51.15",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:citrix:netscaler_gateway:13.0:*:*:*:*:*:*:*"
],
"vendor": "citrix",
"product": "netscaler_gateway",
"versions": [
{
"status": "affected",
"version": "13.0",
"lessThan": "13.0-92.21",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
AI Score
Confidence
Low
EPSS
Percentile
87.7%
SSVC
Exploitation
active
Automatable
no
Technical Impact
total