TLS and DTLS Vulnerability in Citrix NetScaler Application Delivery Controller and Gateway
CVE-2015-3642

5.9MEDIUM

Key Information:

Vendor: Citrix
Status: Netscaler Application Delivery Controller
Vendor: CVE Published:; 2 August 2017

What is CVE-2015-3642?

The TLS and DTLS processing in Citrix NetScaler Application Delivery Controller and Gateway devices prior to specific firmware builds is vulnerable to a padding-oracle attack. This can allow attackers to intercept and extract cleartext data during transmission, increasing the risk of data exposure. Organizations should ensure their devices are updated to mitigate this vulnerability and safeguard against potential man-in-the-middle attacks.

References

http://support.citrix.com/article/CTX200378

x_refsource_CONFIRM

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 2, 2017
Vulnerability Reserved
May 4, 2015