Published: January 19, 2024


Two vulnerabilities, CVE-2023-6548 and CVE-2023-6549, have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway), advanced networking solutions for optimizing application delivery and enabling secure remote access. These vulnerabilities are currently being exploited in the wild.


CVE-2023-6548 (CVSS 5.5) allows low-privilege accounts to potentially execute remote code on NetScaler ADC and Gateway appliances. The vulnerabilities can be compromised only if NetScaler ADC or the NetScaler Gateway management IP is available on the public internet.

CVE-2023-6549 (CVSS 8.2) could result in denial of service if the appliance is configured as a gateway, such as VPN virtual server.

Only customer-managed NetScaler appliances are affected; NetScaler-managed cloud services are not affected.

Applicable Versions

Affected VersionsNot Affected Versions
NetScaler ADC and NetScaler Gateway 14.1 before 14.1-12.35NetScaler ADC and NetScaler Gateway 14.1-12.35 and later releases
NetScaler ADC and NetScaler Gateway 13.1 before 13.1-51.15NetScaler ADC and NetScaler Gateway 13.1-51.15 and later releases of 13.1
NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.21NetScaler ADC and NetScaler Gateway 13.0-92.21 and later releases of 13.0  
NetScaler ADC 13.1-FIPS before 13.1-37.176NetScaler ADC 13.1-FIPS 13.1-37.176 and later releases of 13.1-FIPS  
NetScaler ADC 12.1-FIPS before 12.1-55.302NetScaler ADC 12.1-FIPS 12.1-55.302 and later releases of 12.1-FIPS  
NetScaler ADC 12.1-NDcPP before 12.1-55.302NetScaler ADC 12.1-NDcPP 12.1-55.302 and later releases of 12.1-NDcPP 

Mitigations and Workarounds

It is advised to install the recommended builds available in the advisory from Citrix:

Best Practices

CVE- 2023- 6548 only impacts the management interface. It is not recommended to expose the management interface to the internet.

Netsurion Detection and Response

Netsurion researchers are continuously monitoring the exploits of this vulnerability. Netsurion’s vulnerability management system will detect  CVE-2023-6548 and CVE-2023-6549 for customers who have subscribed to Netsurion Vulnerability Management.