Citrix ADC nsppe buffer overflow

Added: 08/09/2023
CVE: CVE-2023-3519

Background

Citrix ADC (formerly NetScaler ADC) is an application delivery and load balancing platform.

Problem

A buffer overflow vulnerability in the nsppe process in Citrix ADC allows an unauthenticated attacker to execute arbitrary commands by making a specially crafted HTTP GET request.

Resolution

Upgrade to Citrix ADC 13.0-91.13, 13.1-49.13, or higher.
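The following is an added example, not part of the original advisory: a small inventory check that compares appliance versions against the fixed builds listed above. It assumes versions are recorded in the `major.minor-build.patch` form used on this page; the hostnames and sample versions are constructed.

```python
import re

# Fixed builds per release branch, taken from the Resolution section above.
FIXED = {(13, 0): (91, 13), (13, 1): (49, 13)}

# Assumed version format: "<major>.<minor>-<build>.<patch>", e.g. "13.1-48.47".
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)-(\d+)\.(\d+)\s*$")


def classify(version):
    """Return 'fixed', 'needs_upgrade', or 'unknown' for one version string."""
    m = _VERSION_RE.match(version)
    if not m:
        return "unknown"  # unparseable: needs manual review
    major, minor, build, patch = map(int, m.groups())
    fixed = FIXED.get((major, minor))
    if fixed is None:
        return "unknown"  # branch not listed in this advisory text
    # Tuple comparison orders by build number first, then patch number.
    return "fixed" if (build, patch) >= fixed else "needs_upgrade"


def triage(inventory):
    """Group hostnames by status so non-fixed appliances get followed up."""
    report = {"fixed": [], "needs_upgrade": [], "unknown": []}
    for host, version in inventory.items():
        report[classify(version)].append(host)
    return report


# Constructed sample inventory (hostnames and versions are hypothetical,
# except 13.1-48.47, 13.1-49.13 and 13.0-91.13, which appear on this page).
SAMPLE = {
    "adc-edge-01": "13.1-48.47",
    "adc-edge-02": "13.1-49.13",
    "adc-dmz-01": "13.0-90.12",
    "adc-dmz-02": "13.0-91.13",
    "adc-lab-01": "12.1-60.1",
    "adc-lab-02": "not-a-version",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Appliances reported as `unknown` are on a branch this page does not list or have an unparseable version string; check them against the vendor bulletin in References.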

References

https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467

Limitations

Exploit works on Citrix VPX 13.1-48.47.

Platforms

Linux
