CVE-2019-6485
Severity Score
5.9
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote attackers to obtain sensitive plaintext information because of a TLS Padding Oracle Vulnerability when CBC-based cipher suites are enabled.
Citrix NetScaler Gateway, en versiones 12.1 anteriores a la build 50.31, versiones 12.0 anteriores a la build 60.9, versiones 11.1 anteriores a la build 60.14, versiones 11.0 anteriores a la build 72.17 y en versiones 10.5 anteriores a la build 69.5, así como Application Delivery Controller (ADC), en versiones 12.1 anteriores a la build 50.31, versiones 12.0 anteriores a la build 60.9, versiones 11.1 anteriores a la build 60.14, versiones 11.0 anteriores a la build 72.17 y versiones 10.5 anteriores a la build 69.5 permiten que los atacantes remotos obtengan información sensible en texto plano debido a una vulnerabilidad "TLS Padding Oracle" cuando los conjuntos de cifrado basados en CBC están habilitados.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-01-18 CVE Reserved
- 2019-02-22 CVE Published
- 2024-08-04 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/106783 | Third Party Advisory | |
| https://github.com/RUB-NDS/TLS-Padding-Oracles | Product |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.citrix.com/article/CTX240139 | 2020-08-24 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Citrix Search vendor "Citrix" | Netscaler Gateway Firmware Search vendor "Citrix" for product "Netscaler Gateway Firmware" | 10.5 Search vendor "Citrix" for product "Netscaler Gateway Firmware" and version "10.5" | - |
Affected
| in | Citrix Search vendor "Citrix" | Netscaler Gateway Search vendor "Citrix" for product "Netscaler Gateway" | - | - |
Safe
|
| Citrix Search vendor "Citrix" | Netscaler Gateway Firmware Search vendor "Citrix" for product "Netscaler Gateway Firmware" | 11.0 Search vendor "Citrix" for product "Netscaler Gateway Firmware" and version "11.0" | - |
Affected
| in | Citrix Search vendor "Citrix" | Netscaler Gateway Search vendor "Citrix" for product "Netscaler Gateway" | - | - |
Safe
|
| Citrix Search vendor "Citrix" | Netscaler Gateway Firmware Search vendor "Citrix" for product "Netscaler Gateway Firmware" | 11.1 Search vendor "Citrix" for product "Netscaler Gateway Firmware" and version "11.1" | - |
Affected
| in | Citrix Search vendor "Citrix" | Netscaler Gateway Search vendor "Citrix" for product "Netscaler Gateway" | - | - |
Safe
|
| Citrix Search vendor "Citrix" | Netscaler Gateway Firmware Search vendor "Citrix" for product "Netscaler Gateway Firmware" | 12.0 Search vendor "Citrix" for product "Netscaler Gateway Firmware" and version "12.0" | - |
Affected
| in | Citrix Search vendor "Citrix" | Netscaler Gateway Search vendor "Citrix" for product "Netscaler Gateway" | - | - |
Safe
|
| Citrix Search vendor "Citrix" | Netscaler Gateway Firmware Search vendor "Citrix" for product "Netscaler Gateway Firmware" | 12.1 Search vendor "Citrix" for product "Netscaler Gateway Firmware" and version "12.1" | - |
Affected
| in | Citrix Search vendor "Citrix" | Netscaler Gateway Search vendor "Citrix" for product "Netscaler Gateway" | - | - |
Safe
|
| Citrix Search vendor "Citrix" | Netscaler Application Delivery Controller Firmware Search vendor "Citrix" for product "Netscaler Application Delivery Controller Firmware" | 10.5 Search vendor "Citrix" for product "Netscaler Application Delivery Controller Firmware" and version "10.5" | - |
Affected
| in | Citrix Search vendor "Citrix" | Netscaler Application Delivery Controller Search vendor "Citrix" for product "Netscaler Application Delivery Controller" | - | - |
Safe
|
| Citrix Search vendor "Citrix" | Netscaler Application Delivery Controller Firmware Search vendor "Citrix" for product "Netscaler Application Delivery Controller Firmware" | 11.0 Search vendor "Citrix" for product "Netscaler Application Delivery Controller Firmware" and version "11.0" | - |
Affected
| in | Citrix Search vendor "Citrix" | Netscaler Application Delivery Controller Search vendor "Citrix" for product "Netscaler Application Delivery Controller" | - | - |
Safe
|
| Citrix Search vendor "Citrix" | Netscaler Application Delivery Controller Firmware Search vendor "Citrix" for product "Netscaler Application Delivery Controller Firmware" | 11.1 Search vendor "Citrix" for product "Netscaler Application Delivery Controller Firmware" and version "11.1" | - |
Affected
| in | Citrix Search vendor "Citrix" | Netscaler Application Delivery Controller Search vendor "Citrix" for product "Netscaler Application Delivery Controller" | - | - |
Safe
|
| Citrix Search vendor "Citrix" | Netscaler Application Delivery Controller Firmware Search vendor "Citrix" for product "Netscaler Application Delivery Controller Firmware" | 12.0 Search vendor "Citrix" for product "Netscaler Application Delivery Controller Firmware" and version "12.0" | - |
Affected
| in | Citrix Search vendor "Citrix" | Netscaler Application Delivery Controller Search vendor "Citrix" for product "Netscaler Application Delivery Controller" | - | - |
Safe
|
| Citrix Search vendor "Citrix" | Netscaler Application Delivery Controller Firmware Search vendor "Citrix" for product "Netscaler Application Delivery Controller Firmware" | 12.1 Search vendor "Citrix" for product "Netscaler Application Delivery Controller Firmware" and version "12.1" | - |
Affected
| in | Citrix Search vendor "Citrix" | Netscaler Application Delivery Controller Search vendor "Citrix" for product "Netscaler Application Delivery Controller" | - | - |
Safe
|