PT-2017-14849 · Citrix · Citrix Netscaler Application Delivery Controller+1
Publicado
2017-12-13
·
Atualizado
2018-01-05
·
CVE-2017-17549
CVSS v3.1
5.9
Média
| Vetor | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway versions 10.5 before build 67.13
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway versions 11.0 before build 71.22
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway versions 11.1 before build 56.19
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway versions 12.0 before build 53.22
Description
The issue allows remote attackers to obtain sensitive information from the backend client TLS handshake by leveraging the use of TLS with Client Certificates and a Diffie-Hellman Ephemeral (DHE) key exchange.
Recommendations
For versions 10.5 before build 67.13, update to build 67.13 or later to resolve the issue.
For versions 11.0 before build 71.22, update to build 71.22 or later to resolve the issue.
For versions 11.1 before build 56.19, update to build 56.19 or later to resolve the issue.
For versions 12.0 before build 53.22, update to build 53.22 or later to resolve the issue.
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Citrix Netscaler Application Delivery Controller
Netscaler Gateway