CVE-2023-6548 MEDIUM

CVE-2023-6548

Vendor Cloud Software Group
Product NetScaler ADC
Weakness CWE-94 · Code injection
KEV Status Known Exploited
Published January 17, 2024
Last update October 21, 2025

CVSS base score

5.5/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.

CISA mandated remediation

02CISA Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Key dates

03Disclosure timeline

January 17, 2024 CVE published
October 21, 2025 Record updated