CVE-2019-6485Use of a Broken or Risky Cryptographic Algorithm in Citrix Netscaler Application Delivery Controller Firmware

CWE-327Use of a Broken or Risky Cryptographic Algorithm4 documents3 sources
Severity
5.9MEDIUMNVD
EPSS
0.4%
top 40.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Citrix Netscaler Application Delivery Controller FirmwareCitrix Netscaler Gateway FirmwareCitrix ADM+7 more
Timeline
PublishedFeb 22
Latest updateMay 13

Description

Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote attackers to obtain sensitive plaintext information because of a TLS Padding Oracle Vulnerability when CBC-based cipher suites are enabled.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages10 packages

Patches

Patch: support.citrix.comPatch: support.citrix.com

🔴Vulnerability Details

1
GHSA
GHSA-759j-f46v-ghhc: Citrix NetScaler Gateway 122022-05-13

📋Vendor Advisories

2
Citrix
CVE-2019-6485: Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.52019-02-22
Citrix
Citrix Security Bulletin CTX240139