CVE-2023-6548
CVSS Score
5.5
EPSS Score
0.0%
EPSS Percentile
0th
Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.
| CWE | CWE-94 |
| Vendor | cloud software group |
| Product | netscaler adc |
| Published | Jan 17, 2024 |
| Last Updated | Oct 21, 2025 |
⚠️ Actively Exploited — Act Now
Get instant alerts for cloud software group netscaler adc
This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2023-6548.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
Affected Versions
Cloud Software Group / NetScaler ADC
14.1 < 12.35 13.1 < 51.15 13.0 < 92.21 13.1-FIPS < 37.176 12.1-FIPS < 55.302 12.1-NDcPP < 55.302
Cloud Software Group / NetScaler Gateway
14.1 < 12.35 13.1 < 51.15 13.0 < 92.21