Citrix ADC Gateway - Remote Code Execution (CVE-2023-3519)
- CVSSv3 Score
- Vulnerability description
Citrix ADC Gateway is vulnerable to CVE-2023-3519, a Remote Code Execution vulnerability. The root cause of this vulnerability is a stack overflow caused by the inexistence of any bound checks when a SAML payload is parsed into a struct containing the relevant details. This vulnerability allows an unauthenticated remote attacker to gain Remote Code Execution.
- Risk description
The risk exists that an unauthenticated remote attacker could gain Remote Code Execution access which will result in a fully compromised server through which they could steal confidential information, install ransomware, or pivot to the internal network.
- Exploit capabilities
Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.
Update Citrix ADC Gateway to the latest version available.
- Not available