Most recent comments.

Most recent comments. https://db.gcve.eu Contains only the most 10 recent comments. http://www.rssboard.org/rss-specification python-feedgen en Wed, 10 Jun 2026 12:21:51 +0000 New intelligence shows that exploitation of this RCE vulnerability does not require authentication https://db.gcve.eu/comment/dde1219a-14e2-47e0-9be7-64b42823c889 # Exploited Unauthenticated RCE Vulnerability CVE-2023-6548 in Citrix NetScaler ADC and NetScaler Gateway New intelligence shows that exploitation of this RCE vulnerability does not require authentication https://digital.nhs.uk/cyber-alerts/2024/cc-4525 The NHS England National Cyber Security Operations Centre (CSOC) is aware of intelligence provided by CrowdStrike that contrary to Citrix’s initial disclosure, the vulnerability known as CVE-2023-6548 does not require user privileges for exploitation. NHS England National CSOC now assesses CVE-2023-6548 as a critical vulnerability that can allow a remote, unauthenticated attacker to execute remote code on a vulnerable NetScaler Gateway or NetScaler ADC device. CVE-2023-6548 has two different CVSSv3 scores attributed to it. The NIST National Vulnerability Database (NVD) has classified it as having a score of 8.8, while Citrix rates the vulnerability at 5.5. The weakness is Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway and could allow a remote, unauthenticated attacker with access to the management interface to execute arbitrary code. # Exploited Unauthenticated RCE Vulnerability CVE-2023-6548 in Citrix NetScaler ADC and NetScaler Gateway New intelligence shows that exploitation of this RCE vulnerability does not require authentication https://digital.nhs.uk/cyber-alerts/2024/cc-4525 The NHS England National Cyber Security Operations Centre (CSOC) is aware of intelligence provided by CrowdStrike that contrary to Citrix’s initial disclosure, the vulnerability known as CVE-2023-6548 does not require user privileges for exploitation. NHS England National CSOC now assesses CVE-2023-6548 as a critical vulnerability that can allow a remote, unauthenticated attacker to execute remote code on a vulnerable NetScaler Gateway or NetScaler ADC device. CVE-2023-6548 has two different CVSSv3 scores attributed to it. The NIST National Vulnerability Database (NVD) has classified it as having a score of 8.8, while Citrix rates the vulnerability at 5.5. The weakness is Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway and could allow a remote, unauthenticated attacker with access to the management interface to execute arbitrary code. https://db.gcve.eu/comment/dde1219a-14e2-47e0-9be7-64b42823c889 Wed, 17 Jul 2024 15:49:25 +0000