CVE-2017-17549 – Information Disclosure in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Client TLS Handshake

A vulnerability has been identified in the Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Packet Engine that could result in the disclosure of cleartext traffic from the backend client TLS handshake.

This vulnerability only affects connections between a Citrix NetScaler ADC or NetScaler Gateway virtual appliance and a backend server where TLS with client certificates is enabled and a Diffie-Hellman Ephemeral (DHE) key exchange is used.

Citrix NetScaler MPX and NetScaler SDX hardware appliances are not impacted by this vulnerability.

This vulnerability has been assigned the following CVE:

  • CVE-2017-17549: Information Disclosure in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Client TLS Handshake

This vulnerability affects the following versions of Citrix NetScaler ADC and NetScaler Gateway virtual appliances:

  • Citrix NetScaler ADC and NetScaler Gateway version 12.0 earlier than build 53.22
  • Citrix NetScaler ADC and NetScaler Gateway version 11.1 earlier than build 56.19
  • Citrix NetScaler ADC and NetScaler Gateway version 11.0 earlier than build 71.22
  • Citrix NetScaler ADC and NetScaler Gateway version 10.5 earlier than build 67.13
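The following inventory triage sketch is an added example, not part of the Citrix advisory. It applies the build thresholds listed above and the hardware exclusion to version banners. The banner format, the `is_virtual` flag and the sample inventory are assumptions constructed for illustration.

```python
import re

# First fixed build per release branch, from the affected-versions list above.
FIXED_BUILDS = {
    (12, 0): (53, 22),
    (11, 1): (56, 19),
    (11, 0): (71, 22),
    (10, 5): (67, 13),
}

# Assumed banner shape, e.g. "NetScaler NS12.0: Build 53.13.nc, Date: ..."
BANNER_RE = re.compile(r"NS(\d+)\.(\d+):\s*Build\s+(\d+)\.(\d+)")


def parse_banner(banner):
    """Return ((major, minor), (build_major, build_minor)), or None if unparseable."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    major, minor, b1, b2 = (int(g) for g in m.groups())
    return (major, minor), (b1, b2)


def triage(banner, is_virtual):
    """Classify one appliance against the advisory's version criteria."""
    if not is_virtual:
        return "not-affected-hardware"  # MPX/SDX hardware is not impacted
    parsed = parse_banner(banner)
    if parsed is None:
        return "unknown"
    branch, build = parsed
    fixed = FIXED_BUILDS.get(branch)
    if fixed is None:
        return "unknown"  # branch not listed in the advisory; check manually
    # Compare builds as integer tuples: 53.3 is older than 53.22,
    # which a string or float comparison would get wrong.
    return "affected" if build < fixed else "fixed"


# Constructed sample inventory: (hostname, banner, is_virtual)
SAMPLE_INVENTORY = [
    ("adc-a", "NetScaler NS12.0: Build 53.3.nc", True),
    ("adc-b", "NetScaler NS11.1: Build 56.19.nc", True),
    ("adc-c", "NetScaler NS11.0: Build 70.16.nc", False),
]

if __name__ == "__main__":
    for host, banner, is_virtual in SAMPLE_INVENTORY:
        print(host, triage(banner, is_virtual))
```

A result of `affected` only means the build falls in the listed range; exposure additionally requires backend TLS with client certificates and a DHE key exchange, as stated above.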
