CVE-2017-17382

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.

CVSS v3.0 5.9 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.9^/10

CVSS v3.0 : MEDIUM

Vector : AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.kb.cert.org/vuls/id/144389	Third Party Advisory US Government Resource
https://support.citrix.com/article/ctx230238	Vendor Advisory
https://robotattack.org/	Third Party Advisory
http://www.securitytracker.com/id/1039985	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/102173	Third Party Advisory VDB Entry

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:citrix:application_delivery_controller_firmware:10.5:::::::*
	cpe:2.3:o:citrix:application_delivery_controller_firmware:11.1:::::::*
	cpe:2.3:o:citrix:application_delivery_controller_firmware:12.0:::::::*
	cpe:2.3:o:citrix:application_delivery_controller_firmware:11.0:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:citrix:netscaler_gateway_firmware:11.1:::::::*
	cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:::::::*
	cpe:2.3:o:citrix:netscaler_gateway_firmware:11.0:::::::*
	cpe:2.3:o:citrix:netscaler_gateway_firmware:12.0:::::::*

Information

Published : 2017-12-13 08:29

Updated : 2019-10-02 17:03

NVD link : CVE-2017-17382

Mitre link : CVE-2017-17382

JSON object : View

CWE

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

Advertisement

Products Affected

citrix

application_delivery_controller_firmware
netscaler_gateway_firmware

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.kb.cert.org/vuls/id/144389", "name": "VU#144389", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": "CERT-VN"}, {"url": "https://support.citrix.com/article/ctx230238", "name": "https://support.citrix.com/article/ctx230238", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://robotattack.org/", "name": "https://robotattack.org/", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "http://www.securitytracker.com/id/1039985", "name": "1039985", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "http://www.securityfocus.com/bid/102173", "name": "102173", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-327"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2017-17382", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}}, "publishedDate": "2017-12-13T16:29Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:11.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:11.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-10-03T00:03Z"}