CVE-2017-5933

Опубликовано: 08 фев. 2017

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM nonces, which makes it marginally easier for remote attackers to obtain the GCM authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270.

Ссылки

http://www.securityfocus.com/bid/96151
Third Party Advisory
VDB Entry
https://github.com/nonce-disrespect/nonce-disrespect
Third Party Advisory
https://support.citrix.com/article/CTX220329
Vendor Advisory
http://www.securityfocus.com/bid/96151
Third Party Advisory
VDB Entry
https://github.com/nonce-disrespect/nonce-disrespect
Third Party Advisory
https://support.citrix.com/article/CTX220329
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:citrix:netscaler_application_delivery_controller_firmware:*:*:*:*:*:*:*:*

Версия до 10.5.65.11 (включая)

cpe:2.3:a:citrix:netscaler_application_delivery_controller_firmware:*:*:*:*:*:*:*:*

Версия до 11.0.69.12 (включая)

cpe:2.3:a:citrix:netscaler_application_delivery_controller_firmware:*:*:*:*:*:*:*:*

Версия до 11.1.51.21 (включая)

EPSS

Процентиль: 67%

0.00531

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-5c4h-j88c-ggfr

CVSS3: 5.9

github

больше 3 лет назад

EPSS

Процентиль: 67%

0.00531

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-200