1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability

Known Exploited Vulnerabilities CVE-2023-3519 Mappings

Unauthenticated remote code execution

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2023-3519 Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability secondary_impact T1087.002 Domain Account
Comments
This vulnerability allows for unauthenticated remote code execution. This can be exploited via an HTTP GET request that triggers a stack buffer overflow. Adversaries have been observed to use this exploitation to drop a webshell on a target machine and subsequently discover, collect, and exfiltrate active directory data.
References
  1. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-201a
  2. https://packetstormsecurity.com/files/173997/Citrix-ADC-NetScaler-Remote-Code-Execution.html
CVE-2023-3519 Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability primary_impact T1105 Ingress Tool Transfer
Comments
This vulnerability allows for unauthenticated remote code execution. This can be exploited via an HTTP GET request that triggers a stack buffer overflow. Adversaries have been observed to use this exploitation to drop a webshell on a target machine and subsequently discover, collect, and exfiltrate active directory data.
References
  1. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-201a
  2. https://packetstormsecurity.com/files/173997/Citrix-ADC-NetScaler-Remote-Code-Execution.html
CVE-2023-3519 Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability exploitation_technique T1574 Hijack Execution Flow
Comments
This vulnerability allows for unauthenticated remote code execution. This can be exploited via an HTTP GET request that triggers a stack buffer overflow. Adversaries have been observed to use this exploitation to drop a webshell on a target machine and subsequently discover, collect, and exfiltrate active directory data.
References
  1. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-201a
  2. https://packetstormsecurity.com/files/173997/Citrix-ADC-NetScaler-Remote-Code-Execution.html
CVE-2023-3519 Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability exploitation_technique T1190 Exploit Public-Facing Application
Comments
This vulnerability allows for unauthenticated remote code execution. This can be exploited via an HTTP GET request that triggers a stack buffer overflow. Adversaries have been observed to use this exploitation to drop a webshell on a target machine and subsequently discover, collect, and exfiltrate active directory data.
References
  1. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-201a
  2. https://packetstormsecurity.com/files/173997/Citrix-ADC-NetScaler-Remote-Code-Execution.html