IRONSMITHINTEL
HIGHCVSS8.2
|
Actively Exploited
|CISA KEV|CVE-2023-6549|Auth: none — unauthenticated|Reboot: required|Manual only

Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability (CVE-2023-6549)

Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for a denial-of-service when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

Published Jan 17, 2024 · Updated May 17, 2026
Why patchRisk explained in plain English
Worst-case scenarioIf unpatched

A remote attacker, without authentication, can achieve partial data exposure, partial data tampering, complete denial of service or system unavailability. Federal agencies are required to remediate by 2024-02-07 under CISA BOD 22-01.

How the attack worksNo clicks needed

This is a Buffer Overflow (CWE-119) vulnerability in Citrix NetScaler ADC and NetScaler Gateway. Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read Exploitation requires remote network access, low attack complexity, no authentication required, and no user interaction required.

📧

Phishing link

🖼

Malicious file

🔓

Server compromised

Am I affected?Quick check

Probably yes if any of these apply:

Network Security Team
Firewall Administrators
IT Security
Running netscaler application delivery controller: 12.1 ≤ v < 12.1-55.302, 13.0 ≤ v < 13.0-92.21, 13.1 ≤ v < 13.1-37.176, 13.1 ≤ v < 13.1-51.15, 14.1 ≤ v < 14.1-12.35; netscaler gateway: 13.0 ≤ v < 13.0-92.21, 13.1 ≤ v < 13.1-51.15, 14.1 ≤ v < 14.1-12.35
Real-world incidentsWhat we've seen

CISA added this CVE to the Known Exploited Vulnerabilities catalog on 2024-01-17 based on evidence of active exploitation in the wild. Federal agencies required to remediate by 2024-02-07.

How to patch

Manual remediation steps

1
Identify affected hosts: query inventory for network-security installs in scope.
2
Apply the vendor security update referenced in CVE-2023-6549's advisory. No specific KB/version is encoded yet — consult the linked MSRC/vendor URL.
3
Verify the fix per the vendor's published verification steps.
4
Document the remediation in your change ticket and re-scan with your vulnerability scanner to confirm closure.
PowerShell automationComing soon

No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.

References

CVE-2023-6549MSRC AdvisoryNVDVendor Advisory