Vulnerability in Citrix Application_delivery_controller_firmware
CVE-2017-17382
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data…
Vulnerability class: POODLE (CVE-2014-3566)
EPSS: 0.783 (99.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N.
Affected products
- Citrix Application_delivery_controller_firmware — versions 10.5, 11.0, 11.1
- Citrix Netscaler_gateway_firmware — versions 10.5, 11.0, 11.1
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
- cve@mitre.org (Third Party Advisory, x_refsource_MISC)
- cve@mitre.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
- cve@mitre.org (US Government Resource, x_refsource_CERT-VN, Third Party Advisory, third-party-advisory)
- cve@mitre.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
Frequently asked questions
- What is CVE-2017-17382?
- CVE-2017-17382 is a medium-severity vulnerability in Citrix Application_delivery_controller_firmware, classified under Use of a Broken or Risky Cryptographic Algorithm. CVSS score: 5.9/10. Published 2017-12-13.
- How severe is CVE-2017-17382?
- Medium severity. CVSS v3 base score is 5.9 out of 10.
- Is CVE-2017-17382 known to be exploited?
- 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.