CVE-2017-17549

Опубликовано: 13 дек. 2017

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 allow remote attackers to obtain sensitive information from the backend client TLS handshake by leveraging use of TLS with Client Certificates and a Diffie-Hellman Ephemeral (DHE) key exchange.

Ссылки

http://www.securityfocus.com/bid/102177
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040011
Third Party Advisory
VDB Entry
https://support.citrix.com/article/ctx230612
Vendor Advisory
http://www.securityfocus.com/bid/102177
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040011
Third Party Advisory
VDB Entry
https://support.citrix.com/article/ctx230612
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:citrix:application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*

cpe:2.3:o:citrix:application_delivery_controller_firmware:11.0:*:*:*:*:*:*:*

cpe:2.3:o:citrix:application_delivery_controller_firmware:11.1:*:*:*:*:*:*:*

cpe:2.3:o:citrix:application_delivery_controller_firmware:12.0:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*

cpe:2.3:o:citrix:netscaler_gateway_firmware:11.0:*:*:*:*:*:*:*

cpe:2.3:o:citrix:netscaler_gateway_firmware:11.1:*:*:*:*:*:*:*

cpe:2.3:o:citrix:netscaler_gateway_firmware:12.0:*:*:*:*:*:*:*

EPSS

Процентиль: 56%

0.00343

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-8gj6-9x8x-c99v