CVE-2017-17549 — Sensitive Information Exposure in Citrix Application Delivery Controller Firmware

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

5.9MEDIUMNVD

EPSS

0.6%

top 29.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Application Delivery Controller Firmware Citrix Netscaler Gateway Firmware Citrix Netscaler ADC Gateway

Timeline

PublishedDec 13

Latest updateMay 14

Description

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 allow remote attackers to obtain sensitive information from the backend client TLS handshake by leveraging use of TLS with Client Certificates and a Diffie-Hellman Ephemeral (DHE) key exchange.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

▶citrixcitrix/netscaler_adc_gateway

▶NVDcitrix/netscaler_gateway_firmware4 versions+3

▶NVDcitrix/application_delivery_controller_firmware4 versions+3

🔴Vulnerability Details

GHSA

GHSA-8gj6-9x8x-c99v: Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10↗2022-05-14

▶

📋Vendor Advisories

Citrix

CVE-2017-17549: Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19↗2017-12-13

▶