CVE-2017-17382 — Use of a Broken or Risky Cryptographic Algorithm in Citrix Application Delivery Controller Firmware

CWE-327 — Use of a Broken or Risky Cryptographic Algorithm3 documents3 sources

Severity

5.9MEDIUMNVD

EPSS

78.3%

top 0.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Application Delivery Controller Firmware Citrix Netscaler Gateway Firmware Citrix Netscaler ADC Gateway

Timeline

PublishedDec 13

Latest updateMay 13

Description

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

▶citrixcitrix/netscaler_adc_gateway

▶NVDcitrix/netscaler_gateway_firmware4 versions+3

▶NVDcitrix/application_delivery_controller_firmware4 versions+3

🔴Vulnerability Details

GHSA

GHSA-fwq4-vph9-wfm2: Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10↗2022-05-13

▶

📋Vendor Advisories

Citrix

CVE-2017-17382: Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19↗2017-12-13

▶