Details of VAR-201712-0855

ID

VAR-201712-0855

CVE

CVE-2017-17549

TITLE

Citrix NetScaler Application Delivery Controller and NetScaler Gateway Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-011644

DESCRIPTION

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 allow remote attackers to obtain sensitive information from the backend client TLS handshake by leveraging use of TLS with Client Certificates and a Diffie-Hellman Ephemeral (DHE) key exchange. Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Contains an information disclosure vulnerability.Information may be obtained. Multiple Citrix Products are prone to an information-disclosure vulnerability. An attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. Security vulnerabilities exist in Citrix NetScaler ADC and NetScaler Gateway. The following products and versions are affected: Citrix NetScaler Application Delivery Controller 10.5 prior to 10.5 build 67.13, 11.0 prior to 11.0 build 71.22, 11.1 prior to 11.1 build 56.19, 12.0 prior to 12.0 build 53.22; NetScaler Gateway 10.5 prior to build 53.22 10.5 versions before 11.0 build 71.22, 11.1 versions before 11.1 build 56.19, 12.0 versions before 12.0 build 53.22

Trust: 1.98

sources: NVD: CVE-2017-17549 // JVNDB: JVNDB-2017-011644 // BID: 102177 // VULHUB: VHN-108582

AFFECTED PRODUCTS

vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	12.0	Trust: 1.9
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	11.1	Trust: 1.9
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	11.0	Trust: 1.9
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	10.5	Trust: 1.9
vendor:	citrix	model:	application delivery controller	scope:	eq	version:	11.1	Trust: 1.6
vendor:	citrix	model:	application delivery controller	scope:	eq	version:	10.5	Trust: 1.6
vendor:	citrix	model:	application delivery controller	scope:	eq	version:	12.0	Trust: 1.6
vendor:	citrix	model:	application delivery controller	scope:	eq	version:	11.0	Trust: 1.6
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	11.0 build 71.22	Trust: 0.8
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	10.5 build 67.13	Trust: 0.8
vendor:	citrix	model:	netscaler gateway	scope:	lt	version:	10.5	Trust: 0.8
vendor:	citrix	model:	netscaler application delivery controller	scope:	lt	version:	11.0	Trust: 0.8
vendor:	citrix	model:	netscaler gateway	scope:	lt	version:	11.1	Trust: 0.8
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	12.0 build 53.22	Trust: 0.8
vendor:	citrix	model:	netscaler gateway	scope:	lt	version:	12.0	Trust: 0.8
vendor:	citrix	model:	netscaler gateway	scope:	lt	version:	11.0	Trust: 0.8
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	11.1 build 56.19	Trust: 0.8
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	10.5 build 67.13	Trust: 0.8
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	11.0 build 71.22	Trust: 0.8
vendor:	citrix	model:	netscaler application delivery controller	scope:	lt	version:	12.0	Trust: 0.8
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	11.1 build 56.19	Trust: 0.8
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	12.0 build 53.22	Trust: 0.8
vendor:	citrix	model:	netscaler application delivery controller	scope:	lt	version:	10.5	Trust: 0.8
vendor:	citrix	model:	netscaler application delivery controller	scope:	lt	version:	11.1	Trust: 0.8
vendor:	citrix	model:	netscaler gateway build	scope:	eq	version:	12.053.13	Trust: 0.3
vendor:	citrix	model:	netscaler gateway build	scope:	eq	version:	12.041.24	Trust: 0.3
vendor:	citrix	model:	netscaler gateway build	scope:	eq	version:	11.155.13	Trust: 0.3
vendor:	citrix	model:	netscaler gateway build	scope:	eq	version:	11.152.13	Trust: 0.3
vendor:	citrix	model:	netscaler gateway build	scope:	eq	version:	11.151.21	Trust: 0.3
vendor:	citrix	model:	netscaler gateway build	scope:	eq	version:	11.070.16	Trust: 0.3
vendor:	citrix	model:	netscaler gateway build	scope:	eq	version:	11.070.12	Trust: 0.3
vendor:	citrix	model:	netscaler gateway build	scope:	eq	version:	11.069.123	Trust: 0.3
vendor:	citrix	model:	netscaler gateway build	scope:	eq	version:	11.069.12	Trust: 0.3
vendor:	citrix	model:	netscaler gateway build	scope:	eq	version:	11.066.11	Trust: 0.3
vendor:	citrix	model:	netscaler gateway build	scope:	eq	version:	11.065.31	Trust: 0.3
vendor:	citrix	model:	netscaler gateway build	scope:	eq	version:	11.064.34	Trust: 0.3
vendor:	citrix	model:	netscaler gateway build	scope:	eq	version:	10.566.9	Trust: 0.3
vendor:	citrix	model:	netscaler gateway build	scope:	eq	version:	10.565.11	Trust: 0.3
vendor:	citrix	model:	netscaler gateway build 60.7010.e	scope:	eq	version:	10.5	Trust: 0.3
vendor:	citrix	model:	netscaler gateway build	scope:	eq	version:	10.559.13	Trust: 0.3
vendor:	citrix	model:	netscaler gateway build	scope:	eq	version:	10.558.11	Trust: 0.3
vendor:	citrix	model:	netscaler gateway build	scope:	eq	version:	10.556.15	Trust: 0.3
vendor:	citrix	model:	netscaler gateway build 55.8007.e	scope:	eq	version:	10.5	Trust: 0.3
vendor:	citrix	model:	netscaler gateway build	scope:	eq	version:	10.555.8	Trust: 0.3
vendor:	citrix	model:	netscaler gateway build 54.9009.e	scope:	eq	version:	10.5	Trust: 0.3
vendor:	citrix	model:	netscaler adc build	scope:	eq	version:	12.053.13	Trust: 0.3
vendor:	citrix	model:	netscaler adc build	scope:	eq	version:	12.041.24	Trust: 0.3
vendor:	citrix	model:	netscaler adc	scope:	eq	version:	12.0	Trust: 0.3
vendor:	citrix	model:	netscaler adc build	scope:	eq	version:	11.155.13	Trust: 0.3
vendor:	citrix	model:	netscaler adc build	scope:	eq	version:	11.147.14	Trust: 0.3
vendor:	citrix	model:	netscaler adc	scope:	eq	version:	11.1	Trust: 0.3
vendor:	citrix	model:	netscaler adc build	scope:	eq	version:	11.070.16	Trust: 0.3
vendor:	citrix	model:	netscaler adc build 65.35f	scope:	eq	version:	11.0	Trust: 0.3
vendor:	citrix	model:	netscaler adc build	scope:	eq	version:	11.065.31	Trust: 0.3
vendor:	citrix	model:	netscaler adc build	scope:	eq	version:	11.064.34	Trust: 0.3
vendor:	citrix	model:	netscaler adc	scope:	eq	version:	11.0	Trust: 0.3
vendor:	citrix	model:	netscaler adc build	scope:	eq	version:	10.566.9	Trust: 0.3
vendor:	citrix	model:	netscaler adc build	scope:	eq	version:	10.561.11	Trust: 0.3
vendor:	citrix	model:	netscaler adc build 60.7010.e	scope:	eq	version:	10.5	Trust: 0.3
vendor:	citrix	model:	netscaler adc build	scope:	eq	version:	10.559.13	Trust: 0.3
vendor:	citrix	model:	netscaler adc build	scope:	eq	version:	10.558.11	Trust: 0.3
vendor:	citrix	model:	netscaler adc	scope:	eq	version:	10.5	Trust: 0.3
vendor:	citrix	model:	netscaler gateway build	scope:	ne	version:	12.053.22	Trust: 0.3
vendor:	citrix	model:	netscaler gateway build	scope:	ne	version:	11.156.19	Trust: 0.3
vendor:	citrix	model:	netscaler gateway build	scope:	ne	version:	11.071.22	Trust: 0.3
vendor:	citrix	model:	netscaler gateway build	scope:	ne	version:	10.567.13	Trust: 0.3
vendor:	citrix	model:	netscaler adc build	scope:	ne	version:	12.053.22	Trust: 0.3
vendor:	citrix	model:	netscaler adc build	scope:	ne	version:	11.156.19	Trust: 0.3
vendor:	citrix	model:	netscaler adc build	scope:	ne	version:	11.071.22	Trust: 0.3
vendor:	citrix	model:	netscaler adc build	scope:	ne	version:	10.567.13	Trust: 0.3

sources: BID: 102177 // JVNDB: JVNDB-2017-011644 // CNNVD: CNNVD-201712-450 // NVD: CVE-2017-17549

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-17549
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-17549
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201712-450
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-108582
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-17549
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-108582
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-17549
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-108582 // JVNDB: JVNDB-2017-011644 // CNNVD: CNNVD-201712-450 // NVD: CVE-2017-17549

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-108582 // JVNDB: JVNDB-2017-011644 // NVD: CVE-2017-17549

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-450

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201712-450

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011644

PATCH

title:	CTX230612	url:	https://support.citrix.com/article/CTX230612	Trust: 0.8
title:	Citrix Systems NetScaler Application Delivery Controller and NetScaler Gateway Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77133	Trust: 0.6

sources: JVNDB: JVNDB-2017-011644 // CNNVD: CNNVD-201712-450

EXTERNAL IDS

db:	NVD	id:	CVE-2017-17549	Trust: 2.8
db:	BID	id:	102177	Trust: 1.4
db:	SECTRACK	id:	1040011	Trust: 1.1
db:	JVNDB	id:	JVNDB-2017-011644	Trust: 0.8
db:	CNNVD	id:	CNNVD-201712-450	Trust: 0.7
db:	VULHUB	id:	VHN-108582	Trust: 0.1

sources: VULHUB: VHN-108582 // BID: 102177 // JVNDB: JVNDB-2017-011644 // CNNVD: CNNVD-201712-450 // NVD: CVE-2017-17549

REFERENCES

url:	https://support.citrix.com/article/ctx230612	Trust: 2.0
url:	http://www.securityfocus.com/bid/102177	Trust: 1.1
url:	http://www.securitytracker.com/id/1040011	Trust: 1.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17549	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-17549	Trust: 0.8
url:	http://www.citrix.com	Trust: 0.3

sources: VULHUB: VHN-108582 // BID: 102177 // JVNDB: JVNDB-2017-011644 // CNNVD: CNNVD-201712-450 // NVD: CVE-2017-17549

CREDITS

IBM Security Team.

Trust: 0.3

sources: BID: 102177

SOURCES

db:	VULHUB	id:	VHN-108582
db:	BID	id:	102177
db:	JVNDB	id:	JVNDB-2017-011644
db:	CNNVD	id:	CNNVD-201712-450
db:	NVD	id:	CVE-2017-17549

LAST UPDATE DATE

2024-11-23T22:59:08.091000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-108582	date:	2018-01-05T00:00:00
db:	BID	id:	102177	date:	2017-12-19T22:38:00
db:	JVNDB	id:	JVNDB-2017-011644	date:	2018-01-23T00:00:00
db:	CNNVD	id:	CNNVD-201712-450	date:	2017-12-14T00:00:00
db:	NVD	id:	CVE-2017-17549	date:	2024-11-21T03:18:08.443

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-108582	date:	2017-12-13T00:00:00
db:	BID	id:	102177	date:	2017-12-12T00:00:00
db:	JVNDB	id:	JVNDB-2017-011644	date:	2018-01-23T00:00:00
db:	CNNVD	id:	CNNVD-201712-450	date:	2017-12-12T00:00:00
db:	NVD	id:	CVE-2017-17549	date:	2017-12-13T16:29:00.393