Vulnerability Description
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Citrix | Application Delivery Controller Firmware | 10.5 |
| Citrix | NetScaler Gateway Firmware | 10.5 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/102173 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1039985 (Third Party Advisory, VDB Entry)
- https://robotattack.org/ (Third Party Advisory)
- https://support.citrix.com/article/ctx230238 (Vendor Advisory)
- https://www.kb.cert.org/vuls/id/144389 (Third Party Advisory, US Government Resource)
FAQ
What is CVE-2017-17382?
CVE-2017-17382 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote a...
How severe is CVE-2017-17382?
CVE-2017-17382 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-17382?
Check the references section above for vendor advisories and patch information. Affected products include: Citrix Application Delivery Controller Firmware, Citrix NetScaler Gateway Firmware.