PT-2017-16768 · Citrix · Citrix Netscaler Gateway+1
Published: 2017-02-08 · Updated: 2017-03-14
CVE-2017-5933
CVSS v3.1: 5.9 (Medium)
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Citrix NetScaler ADC and NetScaler Gateway versions 10.5 before Build 65.11
Citrix NetScaler ADC and NetScaler Gateway versions 11.0 before Build 69.12/69.123
Citrix NetScaler ADC and NetScaler Gateway versions 11.1 before Build 51.21
Description
The issue makes it easier for remote attackers to obtain the GCM authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack". This is due to the random generation of GCM nonces.
Recommendations
For versions 10.5 before Build 65.11, update to Build 65.11 or later.
For versions 11.0 before Build 69.12/69.123, update to Build 69.12/69.123 or later.
For versions 11.1 before Build 51.21, update to Build 51.21 or later.
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Citrix NetScaler ADC
Citrix NetScaler Gateway