NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549

Two vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway).

Affected Versions:

The following supported versions of NetScaler ADC and NetScaler Gateway are affected by the vulnerabilities:

• NetScaler ADC and NetScaler Gateway14.1before14.1-12.35
• NetScaler ADC and NetScaler Gateway13.1before13.1-51.15
• NetScaler ADC and NetScaler Gateway13.0before 13.0-92.21
• NetScaler ADC 13.1-FIPS before 13.1-37.176
• NetScaler ADC 12.1-FIPS before 12.1-55.302
• NetScaler ADC 12.1-NDcPP before 12.1-55.302

Note: NetScaler ADC and NetScaler Gateway version 12.1 is now End Of Life (EOL) and is vulnerable.

This bulletin only applies to customer-managed NetScaler ADC and NetScaler Gateway products. Customers using Citrix-managed cloud services or Citrix-managed Adaptive Authentication do not need to take any action.

Summary:

NetScaler ADC and NetScaler Gateway contain the vulnerabilities described below.