Skip to main content

Application Delivery Controller Firmware CVE-2017-17382

MEDIUM
Use of a Broken or Risky Cryptographic Algorithm (CWE-327)
2017-12-13 cve@mitre.org
5.9
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.9 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 13, 2017 - 16:29 cve.org
MEDIUM 5.9

DescriptionCVE.org

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.

AnalysisAI

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 78.3%.

Technical ContextAI

This vulnerability is classified under CWE-327. Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. Affected products include: Citrix Application Delivery Controller Firmware, Citrix Netscaler Gateway Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2020-8195 MEDIUM POC
6.5 Jul 10

Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.1

CVE-2020-8194 MEDIUM POC
6.5 Jul 10

Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14

CVE-2020-8193 MEDIUM POC
6.5 Jul 10

Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14

CVE-2020-8191 MEDIUM POC
6.1 Jul 10

Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.1

CVE-2022-27516 CRITICAL
9.8 Nov 08

User login brute force protection functionality bypass. Rated critical severity (CVSS 9.8), this vulnerability is remote

CVE-2022-27510 CRITICAL
9.8 Nov 08

Unauthorized access to Gateway user capabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exp

CVE-2019-18225 CRITICAL
9.8 Oct 21

An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before

CVE-2018-7218 CRITICAL
9.8 May 17

The AppFirewall functionality in Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5 before Buil

CVE-2022-27513 CRITICAL
9.6 Nov 08

Remote desktop takeover via phishing. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no

CVE-2020-8247 HIGH
8.8 Sep 18

Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix AD

CVE-2020-8197 HIGH
8.8 Jul 10

Privilege escalation vulnerability on Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21,

CVE-2021-22927 HIGH
8.1 Aug 05

A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provide

Share

CVE-2017-17382 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy