cbcvebase.
CVE-2017-5933
published 2017-02-08

CVE-2017-5933: Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM nonces…

PriorityP336medium5.9CVSS 3.0
AVNACHPRNUINSUCHINAN
EPSS
3.18%
86.5th percentile
Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM nonces, which makes it marginally easier for remote attackers to obtain the GCM authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270.

Affected

18 ranges
VendorProductVersion rangeFixed in
citrixcitrix_adm
citrixcitrix_hypervisor
citrixcitrix_virtual_apps_and_desktops
citrixendpoint_management
citrixnetscaler_adc
citrixnetscaler_adc_gateway
citrixnetscaler_application_delivery_controller_firmware<= 10.5.65.11
citrixnetscaler_application_delivery_controller_firmware<= 11.0.69.12
citrixnetscaler_application_delivery_controller_firmware<= 11.1.51.21
citrixnetscaler_gateway
citrixxenserver
ibmclient_application_access
ibmdomino
ibmdomino
ibmdomino
ibmnotes
ibmnotes
ibmnotes

CVSS provenance

nvdv3.05.9MEDIUMCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.