Details of VAR-201708-0343

ID

VAR-201708-0343

CVE

CVE-2015-3642

TITLE

Citrix NetScaler ADC and NetScaler Gateway Information disclosure vulnerability in device firmware

Trust: 0.8

sources: JVNDB: JVNDB-2015-007684

DESCRIPTION

The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway The device firmware contains an information disclosure vulnerability. This vulnerability CVE-2014-3566 ( alias POODLE) Is a different vulnerability.Information may be obtained. An attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) is a secure remote access solution. Devices using the following firmware versions are affected: 10.5 to 10.5.54.9, 10.5.e to 10.5 Build 54.9009.e, 10.1 to 10.1 Build 130.10, 10.1.e to 10.1 Build 129.1105.e, 10.0 To 10.0 Build 78.6

Trust: 1.98

sources: NVD: CVE-2015-3642 // JVNDB: JVNDB-2015-007684 // BID: 79912 // VULHUB: VHN-81603

AFFECTED PRODUCTS

vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	-	Trust: 1.0
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	-	Trust: 1.0
vendor:	citrix	model:	netscaler application delivery controller	scope:	-	version:	-	Trust: 0.8
vendor:	citrix	model:	netscaler gateway	scope:	-	version:	-	Trust: 0.8
vendor:	citrix	model:	netscaler	scope:	eq	version:	10.5	Trust: 0.6
vendor:	citrix	model:	netscaler	scope:	eq	version:	10.1	Trust: 0.6
vendor:	citrix	model:	netscaler	scope:	eq	version:	9.2	Trust: 0.6
vendor:	citrix	model:	netscaler	scope:	eq	version:	10.1e	Trust: 0.6
vendor:	citrix	model:	netscaler	scope:	eq	version:	9.1	Trust: 0.6
vendor:	citrix	model:	netscaler	scope:	eq	version:	10.5e	Trust: 0.6
vendor:	citrix	model:	netscaler	scope:	eq	version:	10.0	Trust: 0.6
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	9.3.66.5	Trust: 0.3
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	9.3-62.4	Trust: 0.3
vendor:	citrix	model:	netscaler gateway build	scope:	eq	version:	9.368.3	Trust: 0.3
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	9.0	Trust: 0.3
vendor:	citrix	model:	netscaler gateway 10.5.e	scope:	-	version:	-	Trust: 0.3
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	10.5.54.9	Trust: 0.3
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	10.5.51.10	Trust: 0.3
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	10.5.50.10	Trust: 0.3
vendor:	citrix	model:	netscaler gateway build 54.9009.e	scope:	eq	version:	10.5	Trust: 0.3
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	10.5	Trust: 0.3
vendor:	citrix	model:	netscaler gateway 10.1.e	scope:	-	version:	-	Trust: 0.3
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	10.1.128.8	Trust: 0.3
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	10.1.123.9	Trust: 0.3
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	10.1.122.17	Trust: 0.3
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	10.1-129.11	Trust: 0.3
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	10.1-128.8003	Trust: 0.3
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	10.1-126.12	Trust: 0.3
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	10.1-120.1316	Trust: 0.3
vendor:	citrix	model:	netscaler gateway build	scope:	eq	version:	10.1130.10	Trust: 0.3
vendor:	citrix	model:	netscaler gateway build	scope:	eq	version:	10.1129.1105.	Trust: 0.3
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	10.1	Trust: 0.3
vendor:	citrix	model:	netscaler gateway build	scope:	eq	version:	10.078.6	Trust: 0.3
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	10.0	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	9.3-66.5	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	9.3-64.4	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	9.3-62.4	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller build	scope:	eq	version:	9.368.3	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	9.3	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	9.0	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller 10.5.e	scope:	-	version:	-	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	10.5.54.9	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	10.5.51.10	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	10.5.50.10	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller build 54.9009.e	scope:	eq	version:	10.5	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller build	scope:	eq	version:	10.553.9	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	10.5	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller 10.1.e	scope:	-	version:	-	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	10.1.128.8	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	10.1.122.17	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	10.1-129.11	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	10.1-128.8003	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	10.1-126.12	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	10.1-120.1316	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	10.1-118.7	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller build	scope:	eq	version:	10.1130.10	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller build	scope:	eq	version:	10.1129.1105.	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	10.1	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	10.0-77.5	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller build	scope:	eq	version:	10.078.6	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	10.0	Trust: 0.3
vendor:	citrix	model:	netscaler gateway build	scope:	ne	version:	9.368.5	Trust: 0.3
vendor:	citrix	model:	netscaler gateway build 55.8007.e	scope:	ne	version:	10.5	Trust: 0.3
vendor:	citrix	model:	netscaler gateway build	scope:	ne	version:	10.555.8	Trust: 0.3
vendor:	citrix	model:	netscaler gateway build	scope:	ne	version:	10.1130.1302.	Trust: 0.3
vendor:	citrix	model:	netscaler gateway build	scope:	ne	version:	10.1130.13	Trust: 0.3
vendor:	citrix	model:	netscaler gateway build	scope:	ne	version:	10.078.7	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller build	scope:	ne	version:	9.368.5	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller build 55.8007.e	scope:	ne	version:	10.5	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller build	scope:	ne	version:	10.555.8	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller build	scope:	ne	version:	10.1130.1302.	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller build	scope:	ne	version:	10.1130.13	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller build	scope:	ne	version:	10.078.7	Trust: 0.3

sources: BID: 79912 // JVNDB: JVNDB-2015-007684 // CNNVD: CNNVD-201601-255 // NVD: CVE-2015-3642

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-3642
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-3642
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201601-255
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-81603
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-3642
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-81603
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-3642
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-81603 // JVNDB: JVNDB-2015-007684 // CNNVD: CNNVD-201601-255 // NVD: CVE-2015-3642

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-81603 // JVNDB: JVNDB-2015-007684 // NVD: CVE-2015-3642

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-255

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201601-255

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-007684

PATCH

title:

CTX200378

url:

https://support.citrix.com/article/CTX200378

Trust: 0.8

sources: JVNDB: JVNDB-2015-007684

EXTERNAL IDS

db:	NVD	id:	CVE-2015-3642	Trust: 2.8
db:	BID	id:	79912	Trust: 1.0
db:	JVNDB	id:	JVNDB-2015-007684	Trust: 0.8
db:	CNNVD	id:	CNNVD-201601-255	Trust: 0.7
db:	NSFOCUS	id:	37282	Trust: 0.6
db:	VULHUB	id:	VHN-81603	Trust: 0.1

sources: VULHUB: VHN-81603 // BID: 79912 // JVNDB: JVNDB-2015-007684 // CNNVD: CNNVD-201601-255 // NVD: CVE-2015-3642

REFERENCES

url:	http://support.citrix.com/article/ctx200378	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3642	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3642	Trust: 0.8
url:	http://www.securityfocus.com/bid/79912	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/37282	Trust: 0.6
url:	http://www.citrix.com	Trust: 0.3

sources: VULHUB: VHN-81603 // BID: 79912 // JVNDB: JVNDB-2015-007684 // CNNVD: CNNVD-201601-255 // NVD: CVE-2015-3642

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 79912

SOURCES

db:	VULHUB	id:	VHN-81603
db:	BID	id:	79912
db:	JVNDB	id:	JVNDB-2015-007684
db:	CNNVD	id:	CNNVD-201601-255
db:	NVD	id:	CVE-2015-3642

LAST UPDATE DATE

2024-11-23T22:17:50.273000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-81603	date:	2017-08-09T00:00:00
db:	BID	id:	79912	date:	2016-02-02T20:26:00
db:	JVNDB	id:	JVNDB-2015-007684	date:	2017-09-04T00:00:00
db:	CNNVD	id:	CNNVD-201601-255	date:	2017-08-03T00:00:00
db:	NVD	id:	CVE-2015-3642	date:	2024-11-21T02:29:33.240

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-81603	date:	2017-08-02T00:00:00
db:	BID	id:	79912	date:	2015-01-20T00:00:00
db:	JVNDB	id:	JVNDB-2015-007684	date:	2017-09-04T00:00:00
db:	CNNVD	id:	CNNVD-201601-255	date:	2015-01-20T00:00:00
db:	NVD	id:	CVE-2015-3642	date:	2017-08-02T19:29:00.477