CVE-2017-17382

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.
References
Link Resource
http://www.securityfocus.com/bid/102173 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039985 Third Party Advisory VDB Entry
https://robotattack.org/ Third Party Advisory
https://support.citrix.com/article/ctx230238 Vendor Advisory
https://www.kb.cert.org/vuls/id/144389 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:citrix:application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*
cpe:2.3:o:citrix:application_delivery_controller_firmware:11.0:*:*:*:*:*:*:*
cpe:2.3:o:citrix:application_delivery_controller_firmware:11.1:*:*:*:*:*:*:*
cpe:2.3:o:citrix:application_delivery_controller_firmware:12.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*
cpe:2.3:o:citrix:netscaler_gateway_firmware:11.0:*:*:*:*:*:*:*
cpe:2.3:o:citrix:netscaler_gateway_firmware:11.1:*:*:*:*:*:*:*
cpe:2.3:o:citrix:netscaler_gateway_firmware:12.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-12-13 16:29

Updated : 2024-02-28 16:04


NVD link : CVE-2017-17382

Mitre link : CVE-2017-17382

CVE.ORG link : CVE-2017-17382


JSON object : View

Products Affected

citrix

  • application_delivery_controller_firmware
  • netscaler_gateway_firmware
CWE
CWE-327

Use of a Broken or Risky Cryptographic Algorithm