Vulnerability Description
Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote attackers to obtain sensitive plaintext information because of a TLS Padding Oracle Vulnerability when CBC-based cipher suites are enabled.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Citrix | Netscaler Gateway Firmware | 10.5 |
| Citrix | Netscaler Gateway | - |
| Citrix | Netscaler Application Delivery Controller Firmware | 10.5 |
| Citrix | Netscaler Application Delivery Controller | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/106783 (Third Party Advisory, VDB Entry)
- https://github.com/RUB-NDS/TLS-Padding-Oracles (Product, Third Party Advisory)
- https://support.citrix.com/article/CTX240139 (Mitigation, Patch, Vendor Advisory)
FAQ
What is CVE-2019-6485?
CVE-2019-6485 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 be...
How severe is CVE-2019-6485?
CVE-2019-6485 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-6485?
Check the references section above for vendor advisories and patch information. Affected products include: Citrix Netscaler Gateway Firmware, Citrix Netscaler Gateway, Citrix Netscaler Application Delivery Controller Firmware, Citrix Netscaler Application Delivery Controller.