HomePentest-Tools.com Logo

Citrix ADC Gateway - Remote Code Execution CVE-2023-3519

Severity
CVSSv3 Score
9.8
Vulnerability description

Citrix ADC Gateway is vulnerable to CVE-2023-3519, a Remote Code Execution vulnerability. The root cause of this vulnerability is a stack overflow caused by the inexistence of any bound checks when a SAML payload is parsed into a struct containing the relevant details. This vulnerability allows an unauthenticated remote attacker to gain Remote Code Execution.

Risk description

The risk exists that an unauthenticated remote attacker could gain Remote Code Execution access which will result in a fully compromised server through which they could steal confidential information, install ransomware, or pivot to the internal network.

Exploit capabilities

Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.

Recommendation

Update Citrix ADC Gateway to the latest version available.

Codename
Not available
Detectable with
Network Scanner
Scan engine
Sniper
Exploitable with Sniper
Yes
CVE Published
Jul 19, 2023
Detection added at
Software Type
Firewall
Vendor
Citrix Systems, Inc.
Product
ADC