CVE-2017-17549

Published: 13/12/2017 | Updated: 05/01/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 allow remote malicious users to obtain sensitive information from the backend client TLS handshake by leveraging use of TLS with Client Certificates and a Diffie-Hellman Ephemeral (DHE) key exchange.

Vulnerable Product

citrix application delivery controller firmware 10.5

citrix application delivery controller firmware 11.0

citrix application delivery controller firmware 11.1

citrix application delivery controller firmware 12.0

citrix netscaler gateway firmware 10.5

citrix netscaler gateway firmware 11.1

citrix netscaler gateway firmware 12.0

citrix netscaler gateway firmware 11.0

Vendor Advisories

Description of Problem: A vulnerability has been identified in the Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Packet Engine that could result in the disclosure of cleartext traffic from the backend client TLS handshake. This vulnerability only affects connections between a Citrix NetScaler ADC or NetScaler Gat ...