TLS and DTLS Vulnerability in Citrix NetScaler Application Delivery Controller and Gateway
CVE-2015-3642

5.9 MEDIUM

Key Information:

Vendor: Citrix
CVE Published: 2 August 2017

Summary

The TLS and DTLS processing in Citrix NetScaler Application Delivery Controller and Gateway devices prior to specific firmware builds is vulnerable to a padding-oracle attack. This can allow attackers to intercept and extract cleartext data during transmission, increasing the risk of data exposure. Organizations should ensure their devices are updated to mitigate this vulnerability and safeguard against potential man-in-the-middle attacks.

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
