Published: 08/02/2017 Updated: 14/03/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Subscribe to Netscaler Application Delivery Controller Firmware

Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM nonces, which makes it marginally easier for remote malicious users to obtain the GCM authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270.

Vulnerable Product	Search on Vulmon	Subscribe to Product
citrix netscaler application delivery controller firmware

Description of Problem A flaw in NetScaler ADC and Gateway causes GCM nonces to be randomly generated, making it marginally easier for remote attackers to obtain the GCM authentication key and spoof data within a session The following vulnerability has been addressed: CVE-2017-5933: Vulnerability in Citrix NetScaler Application Delivery Controller ...

Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS

Nonce-Disrespecting Adversaries We provide supplemental material to our research on AES-GCM nonce reuse vulnerabilities in TLS Research paper Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS (camera-ready version / Usenix WOOT16) Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS (preprint version / IACR ePrint) Online check Onl

CWE-200 https://support.citrix.com/article/CTX220329 https://github.com/nonce-disrespect/nonce-disrespect http://www.securityfocus.com/bid/96151 https://nvd.nist.gov https://github.com/nonce-disrespect/nonce-disrespect https://support.citrix.com/article/CTX220329

CVE-2017-5933

Vulnerability Summary

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect