CVE-2007-6192 — Citrix Netscaler vulnerability

CWE-3103 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 57.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Netscaler Citrix Netscaler ADC Gateway

Timeline

PublishedNov 30

Latest updateMay 1

Description

The web management interface in Citrix NetScaler 8.0 build 47.8 uses weak encryption (XOR of unpadded data) to store credentials within a cookie, which makes it easier for remote attackers to obtain cleartext credentials when a cookie is captured via a known-plaintext attack.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDcitrix/netscaler8.0

▶citrixcitrix/netscaler_adc_gateway

🔴Vulnerability Details

GHSA

GHSA-5w67-96wr-rq68: The web management interface in Citrix NetScaler 8↗2022-05-01

▶

📋Vendor Advisories

Citrix

CVE-2007-6192: The web management interface in Citrix NetScaler 8.0 build 47.8 uses weak encryption (XOR of unpadded data) to store credentials within a cookie, whic↗2007-11-30

▶