5.5 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.2 High
AI Score
Confidence
Low
0.016 Low
EPSS
Percentile
87.4%
Improper Control of Generation of Code (‘Code Injection’) in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.
[
{
"vendor": "Cloud Software Group",
"product": "NetScaler ADC ",
"versions": [
{
"status": "affected",
"version": "14.1",
"lessThan": "12.35",
"versionType": "patch"
},
{
"status": "affected",
"version": "13.1",
"lessThan": "51.15",
"versionType": "patch"
},
{
"status": "affected",
"version": "13.0 ",
"lessThan": "92.21",
"versionType": "patch"
},
{
"status": "affected",
"version": " 13.1-FIPS",
"lessThan": "37.176",
"versionType": "patch"
},
{
"status": "affected",
"version": "12.1-FIPS",
"lessThan": "55.302",
"versionType": "patch"
},
{
"status": "affected",
"version": "12.1-NDcPP",
"lessThan": "55.302",
"versionType": "patch"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "Cloud Software Group",
"product": "NetScaler Gateway",
"versions": [
{
"status": "affected",
"version": "14.1",
"lessThan": "12.35",
"versionType": "patch"
},
{
"status": "affected",
"version": "13.1",
"lessThan": "51.15",
"versionType": "patch"
},
{
"status": "affected",
"version": "13.0",
"lessThan": "92.21",
"versionType": "patch"
}
],
"defaultStatus": "unaffected"
}
]
5.5 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.2 High
AI Score
Confidence
Low
0.016 Low
EPSS
Percentile
87.4%