PT-2017-16768 · Citrix · Citrix NetScaler Gateway

Published: 2017-02-08 · Updated: 2017-03-14 · CVE-2017-5933

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Citrix NetScaler ADC and NetScaler Gateway versions 10.5 before Build 65.11
Citrix NetScaler ADC and NetScaler Gateway versions 11.0 before Build 69.12/69.123
Citrix NetScaler ADC and NetScaler Gateway versions 11.1 before Build 51.21

Description

The issue makes it easier for remote attackers to obtain the GCM authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack". This is due to the random generation of GCM nonces.

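
The nonce reuse named in the Description can be checked for on the defensive side. The following is an added example, not code from this entry or from Citrix: it assumes the GCM nonces are the 8-byte explicit nonces of TLS 1.2 AES-GCM records (RFC 5288), which the entry does not spell out, and all function names and sample sessions are constructed for illustration.

```python
import math
import struct
from collections import defaultdict

CHANGE_CIPHER_SPEC = 20          # TLS ContentType; records after it are encrypted
NONCE_LEN, TAG_LEN = 8, 16       # RFC 5288: explicit nonce || ciphertext || tag

def explicit_nonces(stream: bytes):
    """Yield (record_index, explicit_nonce) for the encrypted records in one
    direction of a TLS 1.2 AES-GCM session, given its raw record bytes."""
    offset, index, encrypted = 0, 0, False
    while offset + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, offset)
        fragment = stream[offset + 5:offset + 5 + length]
        if len(fragment) < length:
            break                                  # truncated capture
        if encrypted and length >= NONCE_LEN + TAG_LEN:
            yield index, fragment[:NONCE_LEN]
        if ctype == CHANGE_CIPHER_SPEC:
            encrypted = True
        offset += 5 + length
        index += 1

def find_reused_nonces(stream: bytes) -> dict:
    """Map each nonce seen more than once under the session key to its record indexes."""
    seen = defaultdict(list)
    for index, nonce in explicit_nonces(stream):
        seen[nonce.hex()].append(index)
    return {n: idxs for n, idxs in seen.items() if len(idxs) > 1}

def collision_probability(records: int, nonce_bits: int = 64) -> float:
    """Birthday-bound estimate that randomly chosen nonces repeat within `records` records."""
    return -math.expm1(-records * (records - 1) / 2 ** (nonce_bits + 1))

# Constructed sample data (not captured traffic): zero bytes stand in for ciphertext and tag.
def _record(ctype: int, fragment: bytes) -> bytes:
    return struct.pack("!BHH", ctype, 0x0303, len(fragment)) + fragment

def _session(nonces) -> bytes:
    ccs = _record(CHANGE_CIPHER_SPEC, b"\x01")
    return ccs + b"".join(_record(23, n + bytes(32)) for n in nonces)

COUNTER_SESSION = _session(i.to_bytes(8, "big") for i in range(4))
RANDOM_SESSION = _session(bytes.fromhex(h) for h in ("a1" * 8, "5c" * 8, "a1" * 8))

if __name__ == "__main__":
    print("counter nonces:", find_reused_nonces(COUNTER_SESSION))
    print("random nonces: ", find_reused_nonces(RANDOM_SESSION))
    print("P(repeat) over 2**32 records:", round(collision_probability(2 ** 32), 3))
```

Any non-empty result from `find_reused_nonces` on a single direction of one session means two records were protected with the same key and nonce, which is the precondition the Description refers to.
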
Recommendations

For versions 10.5 before Build 65.11, update to Build 65.11 or later.
For versions 11.0 before Build 69.12/69.123, update to Build 69.12/69.123 or later.
For versions 11.1 before Build 51.21, update to Build 51.21 or later.

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2017-5933

Affected Products

Citrix NetScaler ADC
Citrix NetScaler Gateway