Vulnerability Description
Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM nonces, which makes it marginally easier for remote attackers to obtain the GCM authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Citrix | Netscaler Application Delivery Controller Firmware | <= 10.5.65.11 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/96151Third Party AdvisoryVDB Entry
- https://github.com/nonce-disrespect/nonce-disrespectThird Party Advisory
- https://support.citrix.com/article/CTX220329Vendor Advisory
- http://www.securityfocus.com/bid/96151Third Party AdvisoryVDB Entry
- https://github.com/nonce-disrespect/nonce-disrespectThird Party Advisory
- https://support.citrix.com/article/CTX220329Vendor Advisory
FAQ
What is CVE-2017-5933?
CVE-2017-5933 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM nonces, which makes it marginally easier for remo...
How severe is CVE-2017-5933?
CVE-2017-5933 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-5933?
Check the references section above for vendor advisories and patch information. Affected products include: Citrix Netscaler Application Delivery Controller Firmware.