KEVIntel
CVSS 9.8 Critical

CVE-2023-3519

PUBLISHED

Unauthenticated remote code execution

Exploited in the wild · Used in malware · Remote · Low complexity · No user interaction
Vendor: Citrix
Product: NetScaler ADC, NetScaler Gateway
Published: Jul 19, 2023
EPSS

Description

Unauthenticated remote code execution

cisa malware ransomware nuclei_scanner metasploit

CVSS scores

CVSS v3.1 9.8 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2023-07-19 00:00:00 UTC · Source

Used in malware

Recorded 2023-07-19 00:00:00 UTC · Source

SSVC decision points

Exploitation: active
Automatable: No
Technical impact: total

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

CISA · Added Jul 19, 2023

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

citrix_formssso_target_rce

metasploit · Created Unknown

Metasploit module for CVE-2023-3519

Mohammaddvd/CVE-2023-3519

github · Created 2023-10-27 18:39:31 UTC · 5 stars

Stack-Overflow on Citrix

Chocapikk/CVE-2023-3519

github · Created 2023-08-24 12:24:24 UTC · 5 stars

Citrix ADC RCE CVE-2023-3519

SalehLardhi/CVE-2023-3519

github · Created 2023-07-21 22:10:03 UTC · 11 stars

CVE-2023-3519 vuln for nuclei scanner

BishopFox/CVE-2023-3519

github · Created 2023-07-21 20:17:43 UTC · 223 stars

RCE exploit for CVE-2023-3519

mr-r3b00t/CVE-2023-3519

github · Created 2023-07-21 08:55:28 UTC · 15 stars

Timeline

  • CVE ID Reserved

  • Exploit Used in Malware

  • Added to KEVIntel

  • CVE Published to Public

  • Detected by Metasploit

  • Detected by Nuclei