PT-2017-14849 · Citrix · Citrix Netscaler Application Delivery Controller+1
Published
2017-12-13
·
Updated
2018-01-05
·
CVE-2017-17549
CVSS v3.1
5.9
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway versions 10.5 before build 67.13
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway versions 11.0 before build 71.22
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway versions 11.1 before build 56.19
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway versions 12.0 before build 53.22
Description
The issue allows remote attackers to obtain sensitive information from the backend client TLS handshake by leveraging the use of TLS with Client Certificates and a Diffie-Hellman Ephemeral (DHE) key exchange.
Recommendations
For versions 10.5 before build 67.13, update to build 67.13 or later to resolve the issue.
For versions 11.0 before build 71.22, update to build 71.22 or later to resolve the issue.
For versions 11.1 before build 56.19, update to build 56.19 or later to resolve the issue.
For versions 12.0 before build 53.22, update to build 53.22 or later to resolve the issue.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Citrix Netscaler Application Delivery Controller
Netscaler Gateway