CVE-2023-3467

Privilege Escalation to root administrator (nsroot)

CVSS v3 8.0 HIGH

8.0^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.1 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::fips:::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::ndcpp:::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::-:::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::fips:::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::-:::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:11.1-65.22::::fips:::
	cpe:2.3:a:citrix:netscaler_gateway::::::::
	cpe:2.3:a:citrix:netscaler_gateway::::::::

History

28 Jul 2023, 14:54

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.0
References	~~(MISC) https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467 -~~	(MISC) https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467 - Vendor Advisory
CPE		cpe:2.3:a:citrix:netscaler_application_delivery_controller:11.1-65.22::::fips::: cpe:2.3:a:citrix:netscaler_gateway:::::::: cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::fips:::* cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::ndcpp:::* cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::-:::*
CWE		NVD-CWE-noinfo

19 Jul 2023, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-07-19 19:15

Updated : 2024-02-05 00:01

NVD link : CVE-2023-3467

Mitre link : CVE-2023-3467

CVE.ORG link : CVE-2023-3467

JSON object : View

Products Affected

citrix

netscaler_gateway
netscaler_application_delivery_controller

CWE

NVD-CWE-noinfo CWE-269

Improper Privilege Management

{"id": "CVE-2023-3467", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.1}, {"type": "Secondary", "source": "secure@citrix.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.1}]}, "published": "2023-07-19T19:15:12.110", "references": [{"url": "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467", "tags": ["Vendor Advisory"], "source": "secure@citrix.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "secure@citrix.com", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "Privilege Escalation to root administrator (nsroot)\n"}], "lastModified": "2023-07-28T14:54:03.353", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*", "vulnerable": true, "matchCriteriaId": "8927B2FA-F87E-4D81-AC29-9032184ECB7E", "versionEndExcluding": "12.1-55.297", "versionStartIncluding": "12.1"}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*", "vulnerable": true, "matchCriteriaId": "9845E7B1-5604-497D-8241-048E91987C13", "versionEndExcluding": "12.1-55.297", "versionStartIncluding": "12.1"}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "AD949674-8DC1-4B0D-8C0C-F593539E12F1", "versionEndExcluding": "13.0-91.13", "versionStartIncluding": "13.0"}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*", "vulnerable": true, "matchCriteriaId": "BD0739E3-F7A4-463C-96B0-9D7BDBF218C4", "versionEndExcluding": "13.1-37.159", "versionStartIncluding": "13.1"}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "FCEED8AC-F9A9-4F75-BB32-F53967A8E9A0", "versionEndExcluding": "13.1-49.13", "versionStartIncluding": "13.1"}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:11.1-65.22:*:*:*:fips:*:*:*", "vulnerable": true, "matchCriteriaId": "102C0D0F-AC37-43B0-8B9A-103B37436130"}, {"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC825A83-8D84-42C7-868F-0470FF79D497", "versionEndExcluding": "13.0-91.13", "versionStartIncluding": "13.0"}, {"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "442F6925-199D-4E5B-84C1-05C4D8108B62", "versionEndExcluding": "13.1-49.13", "versionStartIncluding": "13.1"}], "operator": "OR"}]}], "sourceIdentifier": "secure@citrix.com"}