CVSS: 8.0EPSS: 0%CPEs: 8EXPL: 0CVE-2023-3467
https://notcve.org/view.php?id=CVE-2023-3467
Privilege Escalation to root administrator (nsroot) • https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467 • CWE-269: Improper Privilege Management •
CVSS: 8.3EPSS: 0%CPEs: 8EXPL: 0CVE-2023-3466
https://notcve.org/view.php?id=CVE-2023-3466
Reflected Cross-Site Scripting (XSS) • https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467 • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 96%CPEs: 8EXPL: 10CVE-2023-3519 – Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability
https://notcve.org/view.php?id=CVE-2023-3519
Unauthenticated remote code execution Citrix NetScaler ADC and NetScaler Gateway contains a code injection vulnerability that allows for unauthenticated remote code execution. • https://github.com/BishopFox/CVE-2023-3519 https://github.com/mr-r3b00t/CVE-2023-3519 https://github.com/SalehLardhi/CVE-2023-3519 https://github.com/Chocapikk/CVE-2023-3519 https://github.com/Mohammaddvd/CVE-2023-3519 https://github.com/d0rb/CVE-2023-3519 https://github.com/KR0N-SECURITY/CVE-2023-3519 https://github.com/passwa11/CVE-2023-3519 https://github.com/JonaNeidhart/CVE-2023-3519-BackdoorCheck http://packetstormsecurity.com/files/173997/Citrix-ADC-NetScaler-Remote-C • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2018-5314
https://notcve.org/view.php?id=CVE-2018-5314
Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt. Vulnerabilidad de inyección de comandos en Citrix NetScaler ADC y NetScaler Gateway en versiones 11.0 anteriores a la build 70.16, versiones 11.1 anteriores a la build 55.13 y las versiones 12.0 anteriores a la build 53.13; y la instancia NetScaler Load Balancing distribuida en NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 y 5100 WAN Optimization Edition 9.3.0 permite que atacantes remotos ejecuten un comando del sistema o lean archivos arbitrarios mediante un mensaje de inicio de sesión SSH. • http://www.securityfocus.com/bid/103186 http://www.securitytracker.com/id/1040439 https://support.citrix.com/article/CTX232199 • CWE-287: Improper Authentication •