CVE-2017-17382

Опубликовано: 13 дек. 2017

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Высокий

Описание

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.

Ссылки

http://www.securityfocus.com/bid/102173
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039985
Third Party Advisory
VDB Entry
https://robotattack.org/
Third Party Advisory
https://support.citrix.com/article/ctx230238
Vendor Advisory
https://www.kb.cert.org/vuls/id/144389
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/102173
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039985
Third Party Advisory
VDB Entry
https://robotattack.org/
Third Party Advisory
https://support.citrix.com/article/ctx230238
Vendor Advisory
https://www.kb.cert.org/vuls/id/144389
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:citrix:application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*

cpe:2.3:o:citrix:application_delivery_controller_firmware:11.0:*:*:*:*:*:*:*

cpe:2.3:o:citrix:application_delivery_controller_firmware:11.1:*:*:*:*:*:*:*

cpe:2.3:o:citrix:application_delivery_controller_firmware:12.0:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*

cpe:2.3:o:citrix:netscaler_gateway_firmware:11.0:*:*:*:*:*:*:*

cpe:2.3:o:citrix:netscaler_gateway_firmware:11.1:*:*:*:*:*:*:*

cpe:2.3:o:citrix:netscaler_gateway_firmware:12.0:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.79419

Высокий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-327

Связанные уязвимости

GHSA-fwq4-vph9-wfm2