TLS and DTLS Vulnerability in Citrix NetScaler Application Delivery Controller and Gateway
CVE-2015-3642
5.9 MEDIUM
Key Information:
- Vendor: Citrix
- CVE Published: 2 August 2017
Summary
The TLS and DTLS processing in Citrix NetScaler Application Delivery Controller and Gateway devices prior to specific firmware builds is vulnerable to a padding-oracle attack. This can allow attackers to intercept and extract cleartext data during transmission, increasing the risk of data exposure. Organizations should ensure their devices are updated to mitigate this vulnerability and safeguard against potential man-in-the-middle attacks.
CVSS V3.1
Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved