CVE-2015-3642 — Sensitive Information Exposure in Citrix ADM

CWE-200 — Sensitive Information Exposure4 documents3 sources

Severity

5.9MEDIUMNVD

EPSS

0.3%

top 47.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix ADM Citrix Hypervisor Citrix Virtual Apps AND Desktops +5 more

Timeline

PublishedAug 2

Latest updateMay 17

Description

The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages8 packages

▶citrixcitrix/netscaler_gateway

▶citrixcitrix/netscaler_adc_gateway

▶citrixcitrix/netscaler_adc

▶citrixcitrix/xenserver

▶citrixcitrix/citrix_adm

🔴Vulnerability Details

GHSA

GHSA-2262-5cw2-4w9w: The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9↗2022-05-17

▶

📋Vendor Advisories

Citrix

CVE-2015-3642: The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x be↗2017-08-02

▶

Citrix

Citrix Security Bulletin CTX200378↗

▶