TLS Padding Oracle Vulnerability in Citrix NetScaler ADC and NetScaler Gateway
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2017-17382 |
| CWE-ID | CWE-310 |
| Exploitation vector | Local network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software |
Citrix NetScaler Server applications / Remote management servers, RDP, SSH |
| Vendor | Citrix |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) TLS Padding Oracle
EUVDB-ID: #VU9651
Risk: Low
CVSSv4.0: 5.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2017-17382
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to decrypt TLS traffic. A TLS padding Oracle issue has been detected in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway. A remote attacker with ability to establish a large number of TLS connections with the target server can conduct a modified version of the Bleichenbacher chosen-ciphertext attack against RSA PKCS#1 v1.5 encryption block formatting and decrypt the data. The attack is known as "ROBOT" (Return Of Bleichenbacher's Oracle Threat).
MitigationInstall updates from vendor's website:
- Citrix NetScaler ADC and NetScaler Gateway version 12.0 earlier than build 53.22
- Citrix NetScaler ADC and NetScaler Gateway version 11.1 earlier than build 56.19
- Citrix NetScaler ADC and NetScaler Gateway version 11.0 earlier than build 71.22
- Citrix NetScaler ADC and NetScaler Gateway version 10.5 earlier than build 67.13
Citrix NetScaler: 10.5 Build 50.10 - 12.0 Build 53.13
CPE2.3- cpe:2.3:a:citrix:citrix_netscaler:10.5 Build 50.10:*:*:*:*:*:*:*
- cpe:2.3:a:citrix:citrix_netscaler:10.5 Build 51.10:*:*:*:*:*:*:*
- cpe:2.3:a:citrix:citrix_netscaler:10.5 Build 52.11:*:*:*:*:*:*:*
https://support.citrix.com/article/CTX230238
https://eprint.iacr.org/2017/1189
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
