{"uuid": "dde1219a-14e2-47e0-9be7-64b42823c889", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "title": "New intelligence shows that exploitation of this RCE vulnerability does not require authentication", "description": "# Exploited Unauthenticated RCE Vulnerability CVE-2023-6548 in Citrix NetScaler ADC and NetScaler Gateway\n\nNew intelligence shows that exploitation of this RCE vulnerability does not require authentication\n\nhttps://digital.nhs.uk/cyber-alerts/2024/cc-4525\n\n\nThe NHS England National Cyber Security Operations Centre (CSOC) is aware of intelligence provided by CrowdStrike that contrary to Citrix\u2019s initial disclosure, the vulnerability known as CVE-2023-6548 does not require user privileges for exploitation. NHS England National CSOC now assesses CVE-2023-6548 as a critical vulnerability that can allow a remote, unauthenticated attacker to execute remote code on a vulnerable NetScaler Gateway or NetScaler ADC device.\n\nCVE-2023-6548 has two different CVSSv3 scores attributed to it. The NIST National Vulnerability Database (NVD) has classified it as having a score of 8.8, while Citrix rates the vulnerability at 5.5. The weakness is Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway and could allow a remote, unauthenticated attacker with access to the management interface to execute arbitrary code.\n", "description_format": "markdown", "vulnerability": "CVE-2023-6548", "creation_timestamp": "2024-07-17T15:49:25.225853+00:00", "timestamp": "2024-07-17T15:49:25.225853+00:00", "related_vulnerabilities": [], "author": {"login": "adulau", "name": "Alexandre Dulaunoy", "uuid": "c933734a-9be8-4142-889e-26e95c752803"}}