Description
Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.
CVSS Metrics
- Vector
- CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
- Attack Vector
- adjacent network
- Complexity
- low
- Privileges
- low
- User Action
- none
- Scope
- unchanged
- Confidentiality
- low
- Integrity
- low
- Availability
- low
- Weaknesses
- CWE-94CWE-94
Metadata
- Primary Vendor
- CITRIX
- Published
- 1/17/2024
- Last Modified
- 10/24/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
citrix : netscaler_application_delivery_controllercitrix : netscaler_application_delivery_controllercitrix : netscaler_application_delivery_controllercitrix : netscaler_application_delivery_controllercitrix : netscaler_application_delivery_controllercitrix : netscaler_application_delivery_controllercitrix : netscaler_gatewaycitrix : netscaler_gatewaycitrix : netscaler_gateway
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.