Sign-up

ID

VAR-201702-0606


CVE

CVE-2017-5933


TITLE

Citrix NetScaler ADC and NetScaler Gateway In GCM Vulnerability to obtain authentication key

Trust: 0.8

sources: JVNDB: JVNDB-2017-002216

DESCRIPTION

Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM nonces, which makes it marginally easier for remote attackers to obtain the GCM authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270. Citrix NetScaler Application Delivery Controller and Gateway are prone to an information disclosure vulnerability. An attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. The following versions are affected: Citrix NetScaler ADC and NetScaler Gateway 10.5 prior to 10.5 Build 65.11, 11.0 prior to 11.0 Build 69.12/69.123, 11.1 prior to 11.1 Build 51.21

Trust: 1.98

sources: NVD: CVE-2017-5933 // JVNDB: JVNDB-2017-002216 // BID: 96151 // VULHUB: VHN-114136

AFFECTED PRODUCTS

vendor:citrixmodel:netscaler application delivery controllerscope:lteversion:10.5.65.11

Trust: 1.0

vendor:citrixmodel:netscaler application delivery controllerscope:lteversion:11.0.69.12

Trust: 1.0

vendor:citrixmodel:netscaler application delivery controllerscope:lteversion:11.1.51.21

Trust: 1.0

vendor:citrixmodel:netscaler gatewayscope:ltversion:10.5

Trust: 0.8

vendor:citrixmodel:netscaler application delivery controllerscope:ltversion:11.0

Trust: 0.8

vendor:citrixmodel:netscaler gatewayscope:ltversion:11.1

Trust: 0.8

vendor:citrixmodel:netscaler gatewayscope:eqversion:11.1 build 51.21

Trust: 0.8

vendor:citrixmodel:netscaler gatewayscope:ltversion:11.0

Trust: 0.8

vendor:citrixmodel:netscaler gatewayscope:eqversion:11.0 build 69.12/69.123

Trust: 0.8

vendor:citrixmodel:netscaler application delivery controllerscope: - version: -

Trust: 0.8

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.5 build 65.11

Trust: 0.8

vendor:citrixmodel:netscaler application delivery controllerscope:eqversion:11.0 build 69.12/69.123

Trust: 0.8

vendor:citrixmodel:netscaler application delivery controllerscope:ltversion:11.1

Trust: 0.8

vendor:citrixmodel:netscaler application delivery controllerscope:eqversion:11.1 build 51.21

Trust: 0.8

vendor:citrixmodel:netscaler gatewayscope: - version: -

Trust: 0.8

vendor:citrixmodel:netscaler application delivery controllerscope:ltversion:10.5

Trust: 0.8

vendor:citrixmodel:netscaler application delivery controllerscope:eqversion:10.5 build 65.11

Trust: 0.8

vendor:citrixmodel:netscaler application delivery controllerscope:eqversion:11.1.51.21

Trust: 0.6

vendor:citrixmodel:netscaler application delivery controllerscope:eqversion:10.5.65.11

Trust: 0.6

vendor:citrixmodel:netscaler application delivery controllerscope:eqversion:11.0.69.12

Trust: 0.6

vendor:citrixmodel:netscaler gatewayscope:eqversion:9.3.66.5

Trust: 0.3

vendor:citrixmodel:netscaler gatewayscope:eqversion:9.3-62.4

Trust: 0.3

vendor:citrixmodel:netscaler gateway buildscope:eqversion:9.368.3

Trust: 0.3

vendor:citrixmodel:netscaler gatewayscope:eqversion:9.0

Trust: 0.3

vendor:citrixmodel:netscaler gatewayscope:eqversion:11.1

Trust: 0.3

vendor:citrixmodel:netscaler gateway buildscope:eqversion:11.066.11

Trust: 0.3

vendor:citrixmodel:netscaler gateway buildscope:eqversion:11.065.31

Trust: 0.3

vendor:citrixmodel:netscaler gateway buildscope:eqversion:11.064.34

Trust: 0.3

vendor:citrixmodel:netscaler gatewayscope:eqversion:11.0

Trust: 0.3

vendor:citrixmodel:netscaler gateway 10.5.escope: - version: -

Trust: 0.3

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.5.54.9

Trust: 0.3

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.5.51.10

Trust: 0.3

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.5.50.10

Trust: 0.3

vendor:citrixmodel:netscaler gateway buildscope:eqversion:10.559.13

Trust: 0.3

vendor:citrixmodel:netscaler gateway buildscope:eqversion:10.558.11

Trust: 0.3

vendor:citrixmodel:netscaler gateway buildscope:eqversion:10.556.15

Trust: 0.3

vendor:citrixmodel:netscaler gateway build 55.8007.escope:eqversion:10.5

Trust: 0.3

vendor:citrixmodel:netscaler gateway buildscope:eqversion:10.555.8

Trust: 0.3

vendor:citrixmodel:netscaler gateway build 54.9009.escope:eqversion:10.5

Trust: 0.3

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.5

Trust: 0.3

vendor:citrixmodel:netscaler gateway 10.1.escope: - version: -

Trust: 0.3

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.1.128.8

Trust: 0.3

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.1.123.9

Trust: 0.3

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.1.122.17

Trust: 0.3

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.1-129.11

Trust: 0.3

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.1-128.8003

Trust: 0.3

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.1-126.12

Trust: 0.3

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.1-120.1316

Trust: 0.3

vendor:citrixmodel:netscaler gateway buildscope:eqversion:10.1130.10

Trust: 0.3

vendor:citrixmodel:netscaler gateway buildscope:eqversion:10.1129.1105.

Trust: 0.3

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.1

Trust: 0.3

vendor:citrixmodel:netscaler gateway buildscope:eqversion:10.078.6

Trust: 0.3

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.0

Trust: 0.3

vendor:citrixmodel:netscaler application delivery controllerscope:eqversion:11.1

Trust: 0.3

vendor:citrixmodel:netscaler application delivery controllerscope:eqversion:11.0

Trust: 0.3

vendor:citrixmodel:netscaler application delivery controller buildscope:eqversion:10.556.15

Trust: 0.3

vendor:citrixmodel:netscaler application delivery controller build 55.8007.escope:eqversion:10.5

Trust: 0.3

vendor:citrixmodel:netscaler application delivery controller buildscope:eqversion:10.555.8

Trust: 0.3

vendor:citrixmodel:netscaler application delivery controller build 54.9009.escope:eqversion:10.5

Trust: 0.3

vendor:citrixmodel:netscaler application delivery controller buildscope:eqversion:10.553.9

Trust: 0.3

vendor:citrixmodel:netscaler application delivery controllerscope:eqversion:10.5

Trust: 0.3

vendor:citrixmodel:netscaler gateway buildscope:neversion:11.151.21

Trust: 0.3

vendor:citrixmodel:netscaler gateway buildscope:neversion:11.069.123

Trust: 0.3

vendor:citrixmodel:netscaler gateway buildscope:neversion:11.069.12

Trust: 0.3

vendor:citrixmodel:netscaler gateway buildscope:neversion:10.565.11

Trust: 0.3

vendor:citrixmodel:netscaler application delivery controller buildscope:neversion:11.151.21

Trust: 0.3

vendor:citrixmodel:netscaler application delivery controller buildscope:neversion:11.069.12

Trust: 0.3

vendor:citrixmodel:netscaler application delivery controller buildscope:neversion:11.069.123

Trust: 0.3

vendor:citrixmodel:netscaler application delivery controller buildscope:neversion:10.565.11

Trust: 0.3

sources: BID: 96151 // JVNDB: JVNDB-2017-002216 // CNNVD: CNNVD-201702-282 // NVD: CVE-2017-5933

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-5933
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-5933
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201702-282
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114136
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-5933
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114136
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-5933
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114136 // JVNDB: JVNDB-2017-002216 // CNNVD: CNNVD-201702-282 // NVD: CVE-2017-5933

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-114136 // JVNDB: JVNDB-2017-002216 // NVD: CVE-2017-5933

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-282

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201702-282

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-002216

PATCH
title:CTX220329url:https://support.citrix.com/article/CTX220329
Trust: 0.8
title:Citrix NetScaler ADC  and NetScaler Gateway Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67567
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-002216 // 
            
            
            
            CNNVD: CNNVD-201702-282

EXTERNAL IDS
db:NVDid:CVE-2017-5933
Trust: 2.8
db:BIDid:96151
Trust: 1.4
db:JVNDBid:JVNDB-2017-002216
Trust: 0.8
db:CNNVDid:CNNVD-201702-282
Trust: 0.7
db:VULHUBid:VHN-114136
Trust: 0.1
sources:
            
            
            VULHUB: VHN-114136 // 
            
            
            
            BID: 96151 // 
            
            
            
            JVNDB: JVNDB-2017-002216 // 
            
            
            
            CNNVD: CNNVD-201702-282 // 
            
            
            
            NVD: CVE-2017-5933

REFERENCES
url:https://github.com/nonce-disrespect/nonce-disrespect
Trust: 2.5
url:https://support.citrix.com/article/ctx220329
Trust: 2.0
url:http://www.securityfocus.com/bid/96151
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5933
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-5933
Trust: 0.8
url:http://www.citrix.com
Trust: 0.3
url:https://github.com/nonce-disrespect/nonce-disrespect/blob/master/readme.md
Trust: 0.3
url:https://eprint.iacr.org/2016/475.pdf
Trust: 0.3
sources:
            
            
            VULHUB: VHN-114136 // 
            
            
            
            BID: 96151 // 
            
            
            
            JVNDB: JVNDB-2017-002216 // 
            
            
            
            CNNVD: CNNVD-201702-282 // 
            
            
            
            NVD: CVE-2017-5933

CREDITS
Hanno Böck
Trust: 0.3
sources:
            
            
            BID: 96151

SOURCES
db:VULHUBid:VHN-114136
db:BIDid:96151
db:JVNDBid:JVNDB-2017-002216
db:CNNVDid:CNNVD-201702-282
db:NVDid:CVE-2017-5933

LAST UPDATE DATE
2024-11-23T22:18:06.088000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-114136date:2017-03-14T00:00:00
db:BIDid:96151date:2017-03-07T03:02:00
db:JVNDBid:JVNDB-2017-002216date:2017-04-03T00:00:00
db:CNNVDid:CNNVD-201702-282date:2017-02-09T00:00:00
db:NVDid:CVE-2017-5933date:2024-11-21T03:28:41.960

SOURCES RELEASE DATE
db:VULHUBid:VHN-114136date:2017-02-08T00:00:00
db:BIDid:96151date:2017-02-06T00:00:00
db:JVNDBid:JVNDB-2017-002216date:2017-04-03T00:00:00
db:CNNVDid:CNNVD-201702-282date:2017-02-09T00:00:00
db:NVDid:CVE-2017-5933date:2017-02-08T16:59:00.290