History: Dec 13, 2017 - 4:29 p.m.

CVE-2017-17549

2017-12-13 16:29:00
CWE-200
mitre
web.nvd.nist.gov
citrix
netscaler
adc
gateway
tls
info disclosure
cve-2017-17549

CVSS2: 4.3

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3: 5.9

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 5.5
Confidence: High

EPSS: 0.001
Percentile: 46.5%

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 allow remote attackers to obtain sensitive information from the backend client TLS handshake by leveraging use of TLS with Client Certificates and a Diffie-Hellman Ephemeral (DHE) key exchange.

Affected configurations

Nvd

Node
citrix application_delivery_controller_firmware Match 10.5
OR
citrix application_delivery_controller_firmware Match 11.0
OR
citrix application_delivery_controller_firmware Match 11.1
OR
citrix application_delivery_controller_firmware Match 12.0

Node
citrix netscaler_gateway_firmware Match 10.5
OR
citrix netscaler_gateway_firmware Match 11.0
OR
citrix netscaler_gateway_firmware Match 11.1
OR
citrix netscaler_gateway_firmware Match 12.0

Vendor | Product | Version | CPE
citrix | application_delivery_controller_firmware | 10.5 | cpe:2.3:o:citrix:application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*
citrix | application_delivery_controller_firmware | 11.0 | cpe:2.3:o:citrix:application_delivery_controller_firmware:11.0:*:*:*:*:*:*:*
citrix | application_delivery_controller_firmware | 11.1 | cpe:2.3:o:citrix:application_delivery_controller_firmware:11.1:*:*:*:*:*:*:*
citrix | application_delivery_controller_firmware | 12.0 | cpe:2.3:o:citrix:application_delivery_controller_firmware:12.0:*:*:*:*:*:*:*
citrix | netscaler_gateway_firmware | 10.5 | cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*
citrix | netscaler_gateway_firmware | 11.0 | cpe:2.3:o:citrix:netscaler_gateway_firmware:11.0:*:*:*:*:*:*:*
citrix | netscaler_gateway_firmware | 11.1 | cpe:2.3:o:citrix:netscaler_gateway_firmware:11.1:*:*:*:*:*:*:*
citrix | netscaler_gateway_firmware | 12.0 | cpe:2.3:o:citrix:netscaler_gateway_firmware:12.0:*:*:*:*:*:*:*
