CVE-2017-17549
 
- Public Exploits: 0
- Exploited in Wild: -
Descriptions
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 allow remote attackers to obtain sensitive information from the backend client TLS handshake by leveraging use of TLS with Client Certificates and a Diffie-Hellman Ephemeral (DHE) key exchange.
SSVC
- Decision: -
Timeline
- 2017-12-11 CVE Reserved
- 2017-12-13 CVE Published
- 2023-06-15 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
References (3)
URL | Tag | Date |
---|---|---|
http://www.securityfocus.com/bid/102177 | Third Party Advisory | |
http://www.securitytracker.com/id/1040011 | Third Party Advisory | |
https://support.citrix.com/article/ctx230612 | | 2018-01-05 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Citrix | Application Delivery Controller Firmware | 10.5 | - | Affected |
Citrix | Application Delivery Controller Firmware | 11.0 | - | Affected |
Citrix | Application Delivery Controller Firmware | 11.1 | - | Affected |
Citrix | Application Delivery Controller Firmware | 12.0 | - | Affected |
Citrix | Netscaler Gateway Firmware | 10.5 | - | Affected |
Citrix | Netscaler Gateway Firmware | 11.0 | - | Affected |
Citrix | Netscaler Gateway Firmware | 11.1 | - | Affected |
Citrix | Netscaler Gateway Firmware | 12.0 | - | Affected |