TLS Padding Oracle Vulnerability in Citrix NetScaler Gateway and ADC
CVE-2019-6485

5.9MEDIUM

Key Information:

Vendor

Citrix
Status
Netscaler Gateway Firmware
Vendor
CVE Published:
22 February 2019

What is CVE-2019-6485?

A TLS Padding Oracle Vulnerability exists in multiple versions of Citrix NetScaler Gateway and Application Delivery Controller. When CBC-based cipher suites are enabled, remote attackers could exploit this flaw to gain unauthorized access to sensitive plaintext information. This vulnerability underscores the need for proper configuration and timely updates to safeguard sensitive data.

References

https://github.com/RUB-NDS/TLS-Padding-Oracles
x_refsource_MISC
https://support.citrix.com/article/CTX240139
x_refsource_MISC
http://www.securityfocus.com/bid/106783
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.