CVSS: 8.0EPSS: 0%CPEs: 8EXPL: 0CVE-2023-3467
https://notcve.org/view.php?id=CVE-2023-3467
Privilege Escalation to root administrator (nsroot) • https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467 • CWE-269: Improper Privilege Management •
CVSS: 8.3EPSS: 0%CPEs: 8EXPL: 0CVE-2023-3466
https://notcve.org/view.php?id=CVE-2023-3466
Reflected Cross-Site Scripting (XSS) • https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467 • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 96%CPEs: 8EXPL: 11CVE-2023-3519 – Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability
https://notcve.org/view.php?id=CVE-2023-3519
Unauthenticated remote code execution Citrix NetScaler ADC and NetScaler Gateway contains a code injection vulnerability that allows for unauthenticated remote code execution. • https://github.com/BishopFox/CVE-2023-3519 https://github.com/mr-r3b00t/CVE-2023-3519 https://github.com/SalehLardhi/CVE-2023-3519 https://github.com/Chocapikk/CVE-2023-3519 https://github.com/Mohammaddvd/CVE-2023-3519 https://github.com/d0rb/CVE-2023-3519 https://github.com/KR0N-SECURITY/CVE-2023-3519 https://github.com/passwa11/CVE-2023-3519 https://github.com/JonaNeidhart/CVE-2023-3519-BackdoorCheck http://packetstormsecurity.com/files/173997/Citrix-ADC-NetScaler-Remote-C • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 97%CPEs: 13EXPL: 32CVE-2019-19781 – Citrix ADC, Gateway, and SD-WAN WANOP Appliance Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-19781
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal. Se descubrió un problema en Citrix Application Delivery Controller (ADC) and Gateway versiones 10.5, 11.1, 12.0, 12.1 y 13.0. Permiten un salto de directorio. Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an unspecified vulnerability that could allow an unauthenticated attacker to perform code execution. • https://www.exploit-db.com/exploits/47930 https://www.exploit-db.com/exploits/47913 https://www.exploit-db.com/exploits/47901 https://github.com/projectzeroindia/CVE-2019-19781 https://github.com/mpgn/CVE-2019-19781 https://github.com/jas502n/CVE-2019-19781 https://github.com/mandiant/ioc-scanner-CVE-2019-19781 https://github.com/citrix/ioc-scanner-CVE-2019-19781 https://github.com/haxrob/CVE-2019-19781 https://github.com/aqhmal/CVE-2019-19781 https://github.com • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 13EXPL: 0CVE-2019-18225
https://notcve.org/view.php?id=CVE-2019-18225
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass authentication to obtain appliance administrative access. These products formerly used the NetScaler brand name. Se detectó un problema en Citrix Application Delivery Controller (ADC) y Gateway versiones anteriores a 10.5 build 70.8, versiones 11.x anteriores a 11.1 build 63.9, versión 12.0 anterior a build 62.10, versión 12.1 anterior a build 54.16 y versión 13.0 anterior a build 41.28. Un atacante con acceso a la interfaz de administración puede omitir la autenticación para obtener acceso administrativo del dispositivo. • https://support.citrix.com/article/CTX261055 •