CVE-2019-6485

Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote attackers to obtain sensitive plaintext information because of a TLS Padding Oracle Vulnerability when CBC-based cipher suites are enabled.

CVSS v3 5.9 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/106783	Third Party Advisory VDB Entry
https://github.com/RUB-NDS/TLS-Padding-Oracles	Product Third Party Advisory
https://support.citrix.com/article/CTX240139	Mitigation Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:::::::*
	cpe:2.3:o:citrix:netscaler_gateway_firmware:11.0:::::::*
	cpe:2.3:o:citrix:netscaler_gateway_firmware:11.1:::::::*
	cpe:2.3:o:citrix:netscaler_gateway_firmware:12.0:::::::*
	cpe:2.3:o:citrix:netscaler_gateway_firmware:12.1:::::::*

cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.5:::::::*
	cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:11.0:::::::*
	cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:11.1:::::::*
	cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:12.0:::::::*
	cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:12.1:::::::*

cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-02-22 23:29

Updated : 2024-02-04 20:03

NVD link : CVE-2019-6485

Mitre link : CVE-2019-6485

CVE.ORG link : CVE-2019-6485

JSON object : View

Products Affected

citrix

netscaler_application_delivery_controller
netscaler_application_delivery_controller_firmware
netscaler_gateway
netscaler_gateway_firmware

CWE

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

5.9 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2019-6485

5.9^/10

4.3^/10

Attach tags to `CVE-2019-6485`