cvelistv5 - CVE-2017-17382

CVE-2017-17382 (GCVE-0-2017-17382)

Vulnerability from cvelistv5 – Published: 2017-12-13 16:00 – Updated: 2024-08-05 20:51

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://support.citrix.com/article/ctx230238	x_refsource_CONFIRM
	https://robotattack.org/	x_refsource_MISC
	http://www.securityfocus.com/bid/102173	vdb-entryx_refsource_BID
	https://www.kb.cert.org/vuls/id/144389	third-party-advisoryx_refsource_CERT-VN
	http://www.securitytracker.com/id/1039985	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:51:30.757Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/ctx230238"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://robotattack.org/"
          },
          {
            "name": "102173",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102173"
          },
          {
            "name": "VU#144389",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/144389"
          },
          {
            "name": "1039985",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039985"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-12-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-14T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.citrix.com/article/ctx230238"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://robotattack.org/"
        },
        {
          "name": "102173",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102173"
        },
        {
          "name": "VU#144389",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/144389"
        },
        {
          "name": "1039985",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039985"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-17382",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.citrix.com/article/ctx230238",
              "refsource": "CONFIRM",
              "url": "https://support.citrix.com/article/ctx230238"
            },
            {
              "name": "https://robotattack.org/",
              "refsource": "MISC",
              "url": "https://robotattack.org/"
            },
            {
              "name": "102173",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102173"
            },
            {
              "name": "VU#144389",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/144389"
            },
            {
              "name": "1039985",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039985"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-17382",
    "datePublished": "2017-12-13T16:00:00",
    "dateReserved": "2017-12-04T00:00:00",
    "dateUpdated": "2024-08-05T20:51:30.757Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D56F2AAF-4658-484C-9A3A-D8A52BA5B10C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:application_delivery_controller_firmware:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3CE459BE-DA8F-4DFB-B901-5F294C6311F7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:application_delivery_controller_firmware:11.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8CE9E655-0D97-4DCF-AC2F-79DCD12770E5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:application_delivery_controller_firmware:12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49454F7D-77B5-46DF-B95C-312AF2E68EAD\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E0FA8E2-3E8F-481E-8C39-FB00A9739DFC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:netscaler_gateway_firmware:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D2C6F82C-9969-4A6E-88C8-AB8BB0AAD3C7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:netscaler_gateway_firmware:11.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A5D73B9A-59AA-4A38-AEAF-7EAB0965CD7E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:netscaler_gateway_firmware:12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B9F3ED0E-7F3D-477B-B645-77DA5FC7F502\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.\"}, {\"lang\": \"es\", \"value\": \"Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway 10.5 anteriores a la build 67.13, 11.0 anteriores a la build 71.22, 11.1 anteriores a la build 56.19 y 12.0 anteriores a la build 53.22 podr\\u00eda permitir que atacantes remotos descifren datos de texto cifrado TLS aprovechando un or\\u00e1culo de relleno RSA Bleichenbacher. Esto tambi\\u00e9n se conoce como ataque ROBOT.\"}]",
      "id": "CVE-2017-17382",
      "lastModified": "2024-11-21T03:17:52.007",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-12-13T16:29:00.253",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/102173\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039985\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://robotattack.org/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.citrix.com/article/ctx230238\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/144389\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/102173\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039985\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://robotattack.org/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.citrix.com/article/ctx230238\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/144389\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-327\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-17382\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-12-13T16:29:00.253\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.\"},{\"lang\":\"es\",\"value\":\"Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway 10.5 anteriores a la build 67.13, 11.0 anteriores a la build 71.22, 11.1 anteriores a la build 56.19 y 12.0 anteriores a la build 53.22 podr\u00eda permitir que atacantes remotos descifren datos de texto cifrado TLS aprovechando un or\u00e1culo de relleno RSA Bleichenbacher. Esto tambi\u00e9n se conoce como ataque ROBOT.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-327\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D56F2AAF-4658-484C-9A3A-D8A52BA5B10C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:application_delivery_controller_firmware:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CE459BE-DA8F-4DFB-B901-5F294C6311F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:application_delivery_controller_firmware:11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CE9E655-0D97-4DCF-AC2F-79DCD12770E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:application_delivery_controller_firmware:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49454F7D-77B5-46DF-B95C-312AF2E68EAD\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E0FA8E2-3E8F-481E-8C39-FB00A9739DFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:netscaler_gateway_firmware:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2C6F82C-9969-4A6E-88C8-AB8BB0AAD3C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:netscaler_gateway_firmware:11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5D73B9A-59AA-4A38-AEAF-7EAB0965CD7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:netscaler_gateway_firmware:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9F3ED0E-7F3D-477B-B645-77DA5FC7F502\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/102173\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039985\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://robotattack.org/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.citrix.com/article/ctx230238\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/144389\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/102173\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039985\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://robotattack.org/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.citrix.com/article/ctx230238\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/144389\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
  }
}

CERTFR-2017-ALE-020

Vulnerability from certfr_alerte - Published: - Updated:

[Mise à jour du 02/02/2018 : Ajout de l'avis de sécurité Aruba ARUBA-PSA-2018-002]

En 1998, le chercheur Daniel Bleichenbacher a découvert une vulnérabilité dans des implémentations du chiffrement RSA PKCS #1 v1.5 utilisé dans SSL.

Celle-ci permet une attaque à texte chiffré choisi. Après avoir passivement intercepté les communications entre un client et un serveur, un attaquant peut envoyer des requêtes mal formées à ce serveur, chiffrées avec la clé publique de celui-ci, dans le but d'obtenir des informations en fonction des messages d'erreurs reçus. Au bout d'un certain nombre de requêtes, l'attaquant est en mesure, sans deviner la clé privée, de récupérer la clé de session dans ses captures préalables et ainsi pouvoir déchiffrer les communications. Suivant les implémentations, ce nombre de requêtes varie de plusieurs dizaines de milliers à quelques millions. Cette attaque permet également de faire signer des messages arbitraires par le serveur.

Le 12 décembre 2017, des chercheurs ont publié leurs travaux sur cette vulnérabilité par le biais d'un site internet (cf. section Documentation) et d'un papier blanc (cf. section Documentation). En scannant internet, ils ont découvert que de nombreuses implémentations de piles TLS sont encore vulnérables, soit parce qu'elles n'ont pas été mises à jour, soit parce qu'il n'a pas été tenu compte des contre-mesures existantes.

Ces chercheurs estiment qu'une attaque de l'intercepteur actif (Mitm) est peu pratique à mettre en oeuvre à cause du temps requis pour récupérer la clé de session. En effet, celui-ci est de l'ordre de plusieurs secondes ; cela est suffisant pour une attaque hors ligne, mais trop long pour se placer discrètement dans une communication. Ils recommandent de désactiver le chiffrement RSA au profit de l'utilisation de l'algorithme de Diffie-Hellman en courbes elliptiques.

Le 30 janvier 2018, Aruba Networks a publié un avis de sécurité pour indiquer que les versions d'InstantOS antérieures à 6.5.4.6 étaient vulnérables (cf. section Documentation). La version 6.5.4.6 n'est cependant pas encore disponible et ne possède pas de date de sortie officielle.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Contournement provisoire

Le CERT-FR recommande l'utilisation des outils fournis par les chercheurs sur leur site (cf. section Documentation) afin de déterminer si des équipements sont vulnérables. D'un point de vue opérationnel, la désactivation du chiffrement RSA peut s'avérer compliquée. Il est aussi possible de surveiller les communications réseaux pour détecter des pics d'envois de messages erronés.

En cas de présence d'équipement vulnérable, les communications ne peuvent plus être considérées comme confidentielles. De même, on ne peut plus faire confiance aux messages signés par un serveur vulnérable.

Les chercheurs ont annoncé qu'ils disposaient d'une preuve de concept. Pour l'instant, celle-ci n'est pas disponible publiquement, mais ils ont annoncé qu'ils comptaient la publier après avoir laissé du temps supplémentaire aux constructeurs pour corriger cette faille.

Le CERT-FR recommande l'installation des correctifs dès que ceux-ci sont disponibles.

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Se référer à la liste des produits affectés sur le site du kd.cert.org (cf. section Documentation)

References

Title

Publication Time

Tags

robotattack.org	None	vendor-advisory
Avis CERT-FR CERTFR-2017-AVI-463	-	other
Return Of Bleichenbacher’s Oracle Threat (ROBOT)	-	other
Liste étendue de produits affectés	-	other
Avis de sécurité Aruba ARUBA-PSA-2018-002 du 30 janvier 2018	-	other
Avis CERT-FR CERTFR-2017-AVI-462	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Se r\u00e9f\u00e9rer \u00e0 la liste des produits affect\u00e9s sur le site du kd.cert.org (cf. section Documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2018-04-06",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n## Contournement provisoire\n\nLe CERT-FR recommande l\u0027utilisation des outils fournis par les\nchercheurs sur leur site (cf. section Documentation) afin de d\u00e9terminer\nsi des \u00e9quipements sont vuln\u00e9rables. D\u0027un point de vue op\u00e9rationnel, la\nd\u00e9sactivation du chiffrement RSA peut s\u0027av\u00e9rer compliqu\u00e9e. Il est aussi\npossible de surveiller les communications r\u00e9seaux pour d\u00e9tecter des pics\nd\u0027envois de messages erron\u00e9s.\n\nEn cas de pr\u00e9sence d\u0027\u00e9quipement vuln\u00e9rable, les communications ne\npeuvent plus \u00eatre consid\u00e9r\u00e9es comme confidentielles. De m\u00eame, on ne peut\nplus faire confiance aux messages sign\u00e9s par un serveur vuln\u00e9rable.\n\nLes chercheurs ont annonc\u00e9 qu\u0027ils disposaient d\u0027une preuve de concept.\nPour l\u0027instant, celle-ci n\u0027est pas disponible publiquement, mais ils ont\nannonc\u00e9 qu\u0027ils comptaient la publier apr\u00e8s avoir laiss\u00e9 du temps\nsuppl\u00e9mentaire aux constructeurs pour corriger cette faille.\n\nLe CERT-FR recommande l\u0027installation des correctifs d\u00e8s que ceux-ci sont\ndisponibles.\n",
  "cves": [
    {
      "name": "CVE-2017-13099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13099"
    },
    {
      "name": "CVE-2017-1000385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000385"
    },
    {
      "name": "CVE-2016-6883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6883"
    },
    {
      "name": "CVE-2017-17428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17428"
    },
    {
      "name": "CVE-2017-13098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13098"
    },
    {
      "name": "CVE-2012-5081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5081"
    },
    {
      "name": "CVE-2017-6168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6168"
    },
    {
      "name": "CVE-2017-17382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17382"
    },
    {
      "name": "CVE-2017-17427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17427"
    }
  ],
  "links": [
    {
      "title": "Avis CERT-FR CERTFR-2017-AVI-463",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2017-AVI-463/"
    },
    {
      "title": "Return Of Bleichenbacher\u2019s Oracle Threat (ROBOT)",
      "url": "https://eprint.iacr.org/2017/1189.pdf"
    },
    {
      "title": "Liste \u00e9tendue de produits affect\u00e9s",
      "url": "https://www.kb.cert.org/vuls/byvendor?searchview\u0026Query=FIELD+Reference=144389\u0026SearchOrder=4"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 Aruba ARUBA-PSA-2018-002 du 30 janvier 2018",
      "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-002.txt"
    },
    {
      "title": "Avis CERT-FR CERTFR-2017-AVI-462",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2017-AVI-462/"
    }
  ],
  "reference": "CERTFR-2017-ALE-020",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2017-12-13T00:00:00.000000"
    },
    {
      "description": "Ajout de l\u0027avis de s\u00e9curit\u00e9 Aruba ARUBA-PSA-2018-002",
      "revision_date": "2018-02-02T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte",
      "revision_date": "2018-04-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "\\[Mise \u00e0 jour du 02/02/2018 : Ajout de l\u0027avis de s\u00e9curit\u00e9 Aruba\nARUBA-PSA-2018-002\\]\n\nEn 1998, le chercheur\u00a0Daniel Bleichenbacher a d\u00e9couvert une\nvuln\u00e9rabilit\u00e9 dans des impl\u00e9mentations du chiffrement RSA PKCS \\#1 v1.5\nutilis\u00e9 dans SSL.\n\nCelle-ci permet une attaque \u00e0 texte chiffr\u00e9 choisi. Apr\u00e8s avoir\npassivement intercept\u00e9 les communications entre un client et un serveur,\nun attaquant peut envoyer des requ\u00eates mal form\u00e9es \u00e0 ce serveur,\nchiffr\u00e9es avec la cl\u00e9 publique de celui-ci, dans le but d\u0027obtenir des\ninformations en fonction des messages d\u0027erreurs re\u00e7us. Au bout d\u0027un\ncertain nombre de requ\u00eates, l\u0027attaquant est en mesure, sans deviner la\ncl\u00e9 priv\u00e9e, de r\u00e9cup\u00e9rer la cl\u00e9 de session dans ses captures pr\u00e9alables\net ainsi pouvoir d\u00e9chiffrer les communications. Suivant les\nimpl\u00e9mentations, ce nombre de requ\u00eates varie de plusieurs dizaines de\nmilliers \u00e0 quelques millions. Cette attaque permet \u00e9galement de faire\nsigner des messages arbitraires par le serveur.\n\nLe 12 d\u00e9cembre 2017, des chercheurs ont publi\u00e9 leurs travaux sur cette\nvuln\u00e9rabilit\u00e9 par le biais d\u0027un site internet (cf. section\nDocumentation) et d\u0027un papier blanc (cf. section Documentation). En\nscannant internet, ils ont d\u00e9couvert que de nombreuses impl\u00e9mentations\nde piles TLS sont encore vuln\u00e9rables, soit parce qu\u0027elles n\u0027ont pas \u00e9t\u00e9\nmises \u00e0 jour, soit parce qu\u0027il n\u0027a pas \u00e9t\u00e9 tenu compte des\ncontre-mesures existantes.\n\nCes chercheurs estiment qu\u0027une attaque de l\u0027intercepteur actif (Mitm)\nest peu pratique \u00e0 mettre en oeuvre \u00e0 cause du temps requis pour\nr\u00e9cup\u00e9rer la cl\u00e9 de session. En effet, celui-ci est de l\u0027ordre de\nplusieurs secondes ; cela est suffisant pour une attaque hors ligne,\nmais trop long pour se placer discr\u00e8tement dans une communication. Ils\nrecommandent de d\u00e9sactiver le chiffrement RSA au profit de l\u0027utilisation\nde l\u0027algorithme de Diffie-Hellman en courbes elliptiques.\n\nLe 30 janvier 2018, Aruba Networks a publi\u00e9 un avis de s\u00e9curit\u00e9 pour\nindiquer que les versions d\u0027InstantOS ant\u00e9rieures \u00e0 6.5.4.6 \u00e9taient\nvuln\u00e9rables (cf. section Documentation). La version 6.5.4.6 n\u0027est\ncependant pas encore disponible et ne poss\u00e8de pas de date de sortie\nofficielle.\n\n\u00a0\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans des impl\u00e9mentations de TLS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "robotattack.org",
      "url": "https://robotattack.org/"
    }
  ]
}

CERTFR-2017-ALE-020

Vulnerability from certfr_alerte - Published: - Updated:

[Mise à jour du 02/02/2018 : Ajout de l'avis de sécurité Aruba ARUBA-PSA-2018-002]

En 1998, le chercheur Daniel Bleichenbacher a découvert une vulnérabilité dans des implémentations du chiffrement RSA PKCS #1 v1.5 utilisé dans SSL.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Contournement provisoire

Le CERT-FR recommande l'installation des correctifs dès que ceux-ci sont disponibles.

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Se référer à la liste des produits affectés sur le site du kd.cert.org (cf. section Documentation)

References

Title

Publication Time

Tags

robotattack.org	None	vendor-advisory
Avis CERT-FR CERTFR-2017-AVI-463	-	other
Return Of Bleichenbacher’s Oracle Threat (ROBOT)	-	other
Liste étendue de produits affectés	-	other
Avis de sécurité Aruba ARUBA-PSA-2018-002 du 30 janvier 2018	-	other
Avis CERT-FR CERTFR-2017-AVI-462	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Se r\u00e9f\u00e9rer \u00e0 la liste des produits affect\u00e9s sur le site du kd.cert.org (cf. section Documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2018-04-06",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n## Contournement provisoire\n\nLe CERT-FR recommande l\u0027utilisation des outils fournis par les\nchercheurs sur leur site (cf. section Documentation) afin de d\u00e9terminer\nsi des \u00e9quipements sont vuln\u00e9rables. D\u0027un point de vue op\u00e9rationnel, la\nd\u00e9sactivation du chiffrement RSA peut s\u0027av\u00e9rer compliqu\u00e9e. Il est aussi\npossible de surveiller les communications r\u00e9seaux pour d\u00e9tecter des pics\nd\u0027envois de messages erron\u00e9s.\n\nEn cas de pr\u00e9sence d\u0027\u00e9quipement vuln\u00e9rable, les communications ne\npeuvent plus \u00eatre consid\u00e9r\u00e9es comme confidentielles. De m\u00eame, on ne peut\nplus faire confiance aux messages sign\u00e9s par un serveur vuln\u00e9rable.\n\nLes chercheurs ont annonc\u00e9 qu\u0027ils disposaient d\u0027une preuve de concept.\nPour l\u0027instant, celle-ci n\u0027est pas disponible publiquement, mais ils ont\nannonc\u00e9 qu\u0027ils comptaient la publier apr\u00e8s avoir laiss\u00e9 du temps\nsuppl\u00e9mentaire aux constructeurs pour corriger cette faille.\n\nLe CERT-FR recommande l\u0027installation des correctifs d\u00e8s que ceux-ci sont\ndisponibles.\n",
  "cves": [
    {
      "name": "CVE-2017-13099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13099"
    },
    {
      "name": "CVE-2017-1000385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000385"
    },
    {
      "name": "CVE-2016-6883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6883"
    },
    {
      "name": "CVE-2017-17428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17428"
    },
    {
      "name": "CVE-2017-13098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13098"
    },
    {
      "name": "CVE-2012-5081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5081"
    },
    {
      "name": "CVE-2017-6168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6168"
    },
    {
      "name": "CVE-2017-17382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17382"
    },
    {
      "name": "CVE-2017-17427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17427"
    }
  ],
  "links": [
    {
      "title": "Avis CERT-FR CERTFR-2017-AVI-463",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2017-AVI-463/"
    },
    {
      "title": "Return Of Bleichenbacher\u2019s Oracle Threat (ROBOT)",
      "url": "https://eprint.iacr.org/2017/1189.pdf"
    },
    {
      "title": "Liste \u00e9tendue de produits affect\u00e9s",
      "url": "https://www.kb.cert.org/vuls/byvendor?searchview\u0026Query=FIELD+Reference=144389\u0026SearchOrder=4"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 Aruba ARUBA-PSA-2018-002 du 30 janvier 2018",
      "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-002.txt"
    },
    {
      "title": "Avis CERT-FR CERTFR-2017-AVI-462",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2017-AVI-462/"
    }
  ],
  "reference": "CERTFR-2017-ALE-020",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2017-12-13T00:00:00.000000"
    },
    {
      "description": "Ajout de l\u0027avis de s\u00e9curit\u00e9 Aruba ARUBA-PSA-2018-002",
      "revision_date": "2018-02-02T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte",
      "revision_date": "2018-04-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "\\[Mise \u00e0 jour du 02/02/2018 : Ajout de l\u0027avis de s\u00e9curit\u00e9 Aruba\nARUBA-PSA-2018-002\\]\n\nEn 1998, le chercheur\u00a0Daniel Bleichenbacher a d\u00e9couvert une\nvuln\u00e9rabilit\u00e9 dans des impl\u00e9mentations du chiffrement RSA PKCS \\#1 v1.5\nutilis\u00e9 dans SSL.\n\nCelle-ci permet une attaque \u00e0 texte chiffr\u00e9 choisi. Apr\u00e8s avoir\npassivement intercept\u00e9 les communications entre un client et un serveur,\nun attaquant peut envoyer des requ\u00eates mal form\u00e9es \u00e0 ce serveur,\nchiffr\u00e9es avec la cl\u00e9 publique de celui-ci, dans le but d\u0027obtenir des\ninformations en fonction des messages d\u0027erreurs re\u00e7us. Au bout d\u0027un\ncertain nombre de requ\u00eates, l\u0027attaquant est en mesure, sans deviner la\ncl\u00e9 priv\u00e9e, de r\u00e9cup\u00e9rer la cl\u00e9 de session dans ses captures pr\u00e9alables\net ainsi pouvoir d\u00e9chiffrer les communications. Suivant les\nimpl\u00e9mentations, ce nombre de requ\u00eates varie de plusieurs dizaines de\nmilliers \u00e0 quelques millions. Cette attaque permet \u00e9galement de faire\nsigner des messages arbitraires par le serveur.\n\nLe 12 d\u00e9cembre 2017, des chercheurs ont publi\u00e9 leurs travaux sur cette\nvuln\u00e9rabilit\u00e9 par le biais d\u0027un site internet (cf. section\nDocumentation) et d\u0027un papier blanc (cf. section Documentation). En\nscannant internet, ils ont d\u00e9couvert que de nombreuses impl\u00e9mentations\nde piles TLS sont encore vuln\u00e9rables, soit parce qu\u0027elles n\u0027ont pas \u00e9t\u00e9\nmises \u00e0 jour, soit parce qu\u0027il n\u0027a pas \u00e9t\u00e9 tenu compte des\ncontre-mesures existantes.\n\nCes chercheurs estiment qu\u0027une attaque de l\u0027intercepteur actif (Mitm)\nest peu pratique \u00e0 mettre en oeuvre \u00e0 cause du temps requis pour\nr\u00e9cup\u00e9rer la cl\u00e9 de session. En effet, celui-ci est de l\u0027ordre de\nplusieurs secondes ; cela est suffisant pour une attaque hors ligne,\nmais trop long pour se placer discr\u00e8tement dans une communication. Ils\nrecommandent de d\u00e9sactiver le chiffrement RSA au profit de l\u0027utilisation\nde l\u0027algorithme de Diffie-Hellman en courbes elliptiques.\n\nLe 30 janvier 2018, Aruba Networks a publi\u00e9 un avis de s\u00e9curit\u00e9 pour\nindiquer que les versions d\u0027InstantOS ant\u00e9rieures \u00e0 6.5.4.6 \u00e9taient\nvuln\u00e9rables (cf. section Documentation). La version 6.5.4.6 n\u0027est\ncependant pas encore disponible et ne poss\u00e8de pas de date de sortie\nofficielle.\n\n\u00a0\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans des impl\u00e9mentations de TLS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "robotattack.org",
      "url": "https://robotattack.org/"
    }
  ]
}

CERTFR-2022-AVI-171

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les commutateurs Aruba AOS-CX. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
HPE Aruba Networking	AOS	AOS-CX versions 10.06.x antérieures à 10.06.0180
HPE Aruba Networking	AOS	AOS-CX versions 10.09.x antérieures à 10.09.0010
HPE Aruba Networking	AOS	AOS-CX versions 10.07.x antérieures à 10.07.0061
HPE Aruba Networking	AOS	AOS-CX versions 10.08.x antérieures à 10.08.1040

References

Title

Publication Time

Tags

Bulletin de sécurité Aruba AOS-CX ARUBA-PSA-2022-004 du 23 février 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "AOS-CX versions 10.06.x ant\u00e9rieures \u00e0 10.06.0180",
      "product": {
        "name": "AOS",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    },
    {
      "description": "AOS-CX versions 10.09.x ant\u00e9rieures \u00e0 10.09.0010",
      "product": {
        "name": "AOS",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    },
    {
      "description": "AOS-CX versions 10.07.x ant\u00e9rieures \u00e0 10.07.0061",
      "product": {
        "name": "AOS",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    },
    {
      "description": "AOS-CX versions 10.08.x ant\u00e9rieures \u00e0 10.08.1040",
      "product": {
        "name": "AOS",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-13099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13099"
    },
    {
      "name": "CVE-2016-6883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6883"
    },
    {
      "name": "CVE-2017-17427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17427"
    },
    {
      "name": "CVE-2012-5081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5081"
    },
    {
      "name": "CVE-2017-13098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13098"
    },
    {
      "name": "CVE-2017-1000385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000385"
    },
    {
      "name": "CVE-2002-20001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2002-20001"
    },
    {
      "name": "CVE-2017-6168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6168"
    },
    {
      "name": "CVE-2021-41000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41000"
    },
    {
      "name": "CVE-2017-12373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12373"
    },
    {
      "name": "CVE-2021-41003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41003"
    },
    {
      "name": "CVE-2017-17428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17428"
    },
    {
      "name": "CVE-2021-41001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41001"
    },
    {
      "name": "CVE-2021-3712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
    },
    {
      "name": "CVE-2017-17382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17382"
    },
    {
      "name": "CVE-2021-41002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41002"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-171",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-02-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les commutateurs\nAruba AOS-CX. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les commutateurs Aruba AOS-CX",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Aruba AOS-CX ARUBA-PSA-2022-004 du 23 f\u00e9vrier 2022",
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt"
    }
  ]
}

CERTFR-2017-AVI-462

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Citrix . Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Citrix	N/A	Citrix NetScaler ADC et NetScaler Gateway versions 12.0 antérieures à 12.0b53.22
Citrix	N/A	Citrix NetScaler ADC et NetScaler Gateway versions 11.0 antérieures à 11.0b71.22
Citrix	N/A	Citrix NetScaler ADC et NetScaler Gateway versions 11.1 antérieures à 11.1b56.19
Citrix	N/A	Citrix NetScaler ADC et NetScaler Gateway versions 10.5 antérieures à 10.5b67.13

References

Title

Publication Time

Tags

Bulletin de sécurité Citrix CTX230238 du 12 décembre 2017	None	vendor-advisory
Bulletin de sécurité Citrix CTX230612 du 12 décembre 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Citrix NetScaler ADC et NetScaler Gateway versions 12.0 ant\u00e9rieures \u00e0 12.0b53.22",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix NetScaler ADC et NetScaler Gateway versions 11.0 ant\u00e9rieures \u00e0 11.0b71.22",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix NetScaler ADC et NetScaler Gateway versions 11.1 ant\u00e9rieures \u00e0 11.1b56.19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix NetScaler ADC et NetScaler Gateway versions 10.5 ant\u00e9rieures \u00e0 10.5b67.13",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-17549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17549"
    },
    {
      "name": "CVE-2017-17382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17382"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-462",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2017-12-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Citrix\n. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Citrix",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX230238 du 12 d\u00e9cembre 2017",
      "url": "https://support.citrix.com/article/CTX230238"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX230612 du 12 d\u00e9cembre 2017",
      "url": "https://support.citrix.com/article/CTX230612"
    }
  ]
}

CERTFR-2017-AVI-462

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Citrix . Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Citrix	N/A	Citrix NetScaler ADC et NetScaler Gateway versions 12.0 antérieures à 12.0b53.22
Citrix	N/A	Citrix NetScaler ADC et NetScaler Gateway versions 11.0 antérieures à 11.0b71.22
Citrix	N/A	Citrix NetScaler ADC et NetScaler Gateway versions 11.1 antérieures à 11.1b56.19
Citrix	N/A	Citrix NetScaler ADC et NetScaler Gateway versions 10.5 antérieures à 10.5b67.13

References

Title

Publication Time

Tags

Bulletin de sécurité Citrix CTX230238 du 12 décembre 2017	None	vendor-advisory
Bulletin de sécurité Citrix CTX230612 du 12 décembre 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Citrix NetScaler ADC et NetScaler Gateway versions 12.0 ant\u00e9rieures \u00e0 12.0b53.22",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix NetScaler ADC et NetScaler Gateway versions 11.0 ant\u00e9rieures \u00e0 11.0b71.22",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix NetScaler ADC et NetScaler Gateway versions 11.1 ant\u00e9rieures \u00e0 11.1b56.19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix NetScaler ADC et NetScaler Gateway versions 10.5 ant\u00e9rieures \u00e0 10.5b67.13",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-17549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17549"
    },
    {
      "name": "CVE-2017-17382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17382"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-462",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2017-12-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Citrix\n. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Citrix",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX230238 du 12 d\u00e9cembre 2017",
      "url": "https://support.citrix.com/article/CTX230238"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX230612 du 12 d\u00e9cembre 2017",
      "url": "https://support.citrix.com/article/CTX230612"
    }
  ]
}

CERTFR-2022-AVI-171

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
HPE Aruba Networking	AOS	AOS-CX versions 10.06.x antérieures à 10.06.0180
HPE Aruba Networking	AOS	AOS-CX versions 10.09.x antérieures à 10.09.0010
HPE Aruba Networking	AOS	AOS-CX versions 10.07.x antérieures à 10.07.0061
HPE Aruba Networking	AOS	AOS-CX versions 10.08.x antérieures à 10.08.1040

References

Title

Publication Time

Tags

Bulletin de sécurité Aruba AOS-CX ARUBA-PSA-2022-004 du 23 février 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "AOS-CX versions 10.06.x ant\u00e9rieures \u00e0 10.06.0180",
      "product": {
        "name": "AOS",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    },
    {
      "description": "AOS-CX versions 10.09.x ant\u00e9rieures \u00e0 10.09.0010",
      "product": {
        "name": "AOS",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    },
    {
      "description": "AOS-CX versions 10.07.x ant\u00e9rieures \u00e0 10.07.0061",
      "product": {
        "name": "AOS",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    },
    {
      "description": "AOS-CX versions 10.08.x ant\u00e9rieures \u00e0 10.08.1040",
      "product": {
        "name": "AOS",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-13099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13099"
    },
    {
      "name": "CVE-2016-6883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6883"
    },
    {
      "name": "CVE-2017-17427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17427"
    },
    {
      "name": "CVE-2012-5081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5081"
    },
    {
      "name": "CVE-2017-13098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13098"
    },
    {
      "name": "CVE-2017-1000385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000385"
    },
    {
      "name": "CVE-2002-20001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2002-20001"
    },
    {
      "name": "CVE-2017-6168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6168"
    },
    {
      "name": "CVE-2021-41000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41000"
    },
    {
      "name": "CVE-2017-12373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12373"
    },
    {
      "name": "CVE-2021-41003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41003"
    },
    {
      "name": "CVE-2017-17428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17428"
    },
    {
      "name": "CVE-2021-41001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41001"
    },
    {
      "name": "CVE-2021-3712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
    },
    {
      "name": "CVE-2017-17382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17382"
    },
    {
      "name": "CVE-2021-41002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41002"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-171",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-02-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les commutateurs\nAruba AOS-CX. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les commutateurs Aruba AOS-CX",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Aruba AOS-CX ARUBA-PSA-2022-004 du 23 f\u00e9vrier 2022",
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt"
    }
  ]
}

FKIE_CVE-2017-17382

Vulnerability from fkie_nvd - Published: 2017-12-13 16:29 - Updated: 2025-04-20 01:37

Severity ?

5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
cve@mitre.org	http://www.securityfocus.com/bid/102173	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id/1039985	Third Party Advisory, VDB Entry
cve@mitre.org	https://robotattack.org/	Third Party Advisory
cve@mitre.org	https://support.citrix.com/article/ctx230238	Vendor Advisory
cve@mitre.org	https://www.kb.cert.org/vuls/id/144389	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/102173	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039985	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://robotattack.org/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.citrix.com/article/ctx230238	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/144389	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
citrix	application_delivery_controller_firmware	10.5
citrix	application_delivery_controller_firmware	11.0
citrix	application_delivery_controller_firmware	11.1
citrix	application_delivery_controller_firmware	12.0
citrix	netscaler_gateway_firmware	10.5
citrix	netscaler_gateway_firmware	11.0
citrix	netscaler_gateway_firmware	11.1
citrix	netscaler_gateway_firmware	12.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D56F2AAF-4658-484C-9A3A-D8A52BA5B10C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CE459BE-DA8F-4DFB-B901-5F294C6311F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CE9E655-0D97-4DCF-AC2F-79DCD12770E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49454F7D-77B5-46DF-B95C-312AF2E68EAD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E0FA8E2-3E8F-481E-8C39-FB00A9739DFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:citrix:netscaler_gateway_firmware:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2C6F82C-9969-4A6E-88C8-AB8BB0AAD3C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:citrix:netscaler_gateway_firmware:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5D73B9A-59AA-4A38-AEAF-7EAB0965CD7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:citrix:netscaler_gateway_firmware:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9F3ED0E-7F3D-477B-B645-77DA5FC7F502",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack."
    },
    {
      "lang": "es",
      "value": "Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway 10.5 anteriores a la build 67.13, 11.0 anteriores a la build 71.22, 11.1 anteriores a la build 56.19 y 12.0 anteriores a la build 53.22 podr\u00eda permitir que atacantes remotos descifren datos de texto cifrado TLS aprovechando un or\u00e1culo de relleno RSA Bleichenbacher. Esto tambi\u00e9n se conoce como ataque ROBOT."
    }
  ],
  "id": "CVE-2017-17382",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-12-13T16:29:00.253",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102173"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039985"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://robotattack.org/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.citrix.com/article/ctx230238"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/144389"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102173"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039985"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://robotattack.org/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.citrix.com/article/ctx230238"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/144389"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-327"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201712-0309

Vulnerability from variot - Updated: 2023-12-18 11:23

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding, and may therefore be vulnerable to Bleichenbacher-style attacks. This attack is known as a "ROBOT attack". Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Contains an information disclosure vulnerability.Information may be obtained. Multiple Citrix Products are prone to an information-disclosure vulnerability. An attacker can exploit this issue to perform man-in-the-middle attacks to obtain sensitive information, and perform unauthorized actions. Successful exploits will lead to other attacks. Security vulnerabilities exist in Citrix NetScaler ADC and NetScaler Gateway. A remote attacker can exploit this vulnerability to decrypt TLS-encrypted data

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201712-0309",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "citrix",
        "version": "12.0"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "citrix",
        "version": "11.1"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "citrix",
        "version": "11.0"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "citrix",
        "version": "10.5"
      },
      {
        "model": "application delivery controller",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "citrix",
        "version": "11.1"
      },
      {
        "model": "application delivery controller",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "citrix",
        "version": "12.0"
      },
      {
        "model": "application delivery controller",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "citrix",
        "version": "10.5"
      },
      {
        "model": "application delivery controller",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "citrix",
        "version": "11.0"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "citrix",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "erlang",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "legion of the bouncy castle",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "matrixssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "micro focus",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "wolfssl",
        "version": null
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.0 build 71.22"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.5 build 67.13"
      },
      {
        "model": "netscaler gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.5"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.0"
      },
      {
        "model": "netscaler gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.1"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "12.0 build 53.22"
      },
      {
        "model": "netscaler gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "12.0"
      },
      {
        "model": "netscaler gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.0"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.1 build 56.19"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.5 build 67.13"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.0 build 71.22"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "12.0"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.1 build 56.19"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "12.0 build 53.22"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "10.5"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "11.1"
      },
      {
        "model": "netscaler adc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "12.0"
      },
      {
        "model": "netscaler adc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.1"
      },
      {
        "model": "netscaler adc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.0"
      },
      {
        "model": "netscaler adc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.5"
      },
      {
        "model": "netscaler gateway build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "12.053.22"
      },
      {
        "model": "netscaler gateway build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.156.19"
      },
      {
        "model": "netscaler gateway build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.071.22"
      },
      {
        "model": "netscaler gateway build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.567.13"
      },
      {
        "model": "netscaler adc build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "12.053.22"
      },
      {
        "model": "netscaler adc build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.156.19"
      },
      {
        "model": "netscaler adc build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.071.22"
      },
      {
        "model": "netscaler adc build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.567.13"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#144389"
      },
      {
        "db": "BID",
        "id": "102173"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011823"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17382"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-498"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-17382"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Hanno B\u00f6ck (hanno@hboeck.de), Juraj Somorovsky (juraj.somorovsky@rub.de) of Ruhr-Universit\u00e4t Bochum / Hackmanit GmbH and Craig Young (vuln report@secur3.us) of Tripwire VERT.",
    "sources": [
      {
        "db": "BID",
        "id": "102173"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-17382",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-17382",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-108399",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-17382",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-17382",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201712-498",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-108399",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-108399"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011823"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17382"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-498"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding, and may therefore be vulnerable to Bleichenbacher-style attacks. This attack is known as a \"ROBOT attack\". Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Contains an information disclosure vulnerability.Information may be obtained. Multiple Citrix Products are prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to perform man-in-the-middle attacks to obtain sensitive information, and perform unauthorized actions. Successful exploits will lead to other attacks. Security vulnerabilities exist in Citrix NetScaler ADC and NetScaler Gateway. A remote attacker can exploit this vulnerability to decrypt TLS-encrypted data",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-17382"
      },
      {
        "db": "CERT/CC",
        "id": "VU#144389"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011823"
      },
      {
        "db": "BID",
        "id": "102173"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108399"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#144389",
        "trust": 3.6
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17382",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "102173",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1039985",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU92438713",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011823",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-498",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.1514",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-108399",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#144389"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108399"
      },
      {
        "db": "BID",
        "id": "102173"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011823"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17382"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-498"
      }
    ]
  },
  "id": "VAR-201712-0309",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-108399"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:23:40.731000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CTX230238",
        "trust": 0.8,
        "url": "https://support.citrix.com/article/ctx230238"
      },
      {
        "title": "Citrix NetScaler Application Delivery Controller  and NetScaler Gateway Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=77140"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011823"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-498"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-327",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-108399"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011823"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17382"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "https://support.citrix.com/article/ctx230238"
      },
      {
        "trust": 2.8,
        "url": "https://www.kb.cert.org/vuls/id/144389"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/102173"
      },
      {
        "trust": 1.7,
        "url": "https://robotattack.org/"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1039985"
      },
      {
        "trust": 0.8,
        "url": "https://robotattack.org"
      },
      {
        "trust": 0.8,
        "url": "https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-meyer.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://archiv.infsec.ethz.ch/education/fs08/secsem/bleichenbacher98.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://www.cert.org/historical/advisories/ca-1998-07.cfm"
      },
      {
        "trust": 0.8,
        "url": "https://tools.ietf.org/html/rfc5246#section-7.4.7.1"
      },
      {
        "trust": 0.8,
        "url": "http://cwe.mitre.org/data/definitions/203.html"
      },
      {
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171212-bleichenbacher"
      },
      {
        "trust": 0.8,
        "url": "https://support.f5.com/csp/article/k21905460"
      },
      {
        "trust": 0.8,
        "url": "https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5c"
      },
      {
        "trust": 0.8,
        "url": "https://github.com/matrixssl/matrixssl/blob/master/doc/changes.md"
      },
      {
        "trust": 0.8,
        "url": "https://support.microfocus.com/kb/doc.php?id=7022561"
      },
      {
        "trust": 0.8,
        "url": "https://github.com/wolfssl/wolfssl/pull/1229"
      },
      {
        "trust": 0.8,
        "url": "https://community.rsa.com/docs/doc-85268"
      },
      {
        "trust": 0.8,
        "url": "https://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17382"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu92438713/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17382"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.1514"
      },
      {
        "trust": 0.3,
        "url": "http://www.citrix.com"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#144389"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108399"
      },
      {
        "db": "BID",
        "id": "102173"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011823"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17382"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-498"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#144389"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108399"
      },
      {
        "db": "BID",
        "id": "102173"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011823"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17382"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-498"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-12T00:00:00",
        "db": "CERT/CC",
        "id": "VU#144389"
      },
      {
        "date": "2017-12-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-108399"
      },
      {
        "date": "2017-12-12T00:00:00",
        "db": "BID",
        "id": "102173"
      },
      {
        "date": "2018-01-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011823"
      },
      {
        "date": "2017-12-13T16:29:00.253000",
        "db": "NVD",
        "id": "CVE-2017-17382"
      },
      {
        "date": "2017-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-498"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-04-09T00:00:00",
        "db": "CERT/CC",
        "id": "VU#144389"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-108399"
      },
      {
        "date": "2017-12-19T22:38:00",
        "db": "BID",
        "id": "102173"
      },
      {
        "date": "2018-01-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011823"
      },
      {
        "date": "2019-10-03T00:03:26.223000",
        "db": "NVD",
        "id": "CVE-2017-17382"
      },
      {
        "date": "2023-03-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-498"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-498"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#144389"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-498"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2018-00541

Vulnerability from cnvd - Published: 2018-01-09

Title

Citrix NetScaler Application Delivery Controller和NetScaler Gateway信息泄露漏洞

Description

Citrix NetScaler Application Delivery Controller（ADC）和NetScaler Gateway（前称Citrix Access Gateway Enterprise Edition）都是美国思杰系统（Citrix Systems）公司的产品。NetScaler ADC是一套服务和应用交付解决方案（应用交付控制器）；NetScaler Gateway是一套安全的远程接入解决方案。 Citrix NetScaler ADC和NetScaler Gateway中存在信息泄露漏洞。远程攻击者可利用该漏洞解密TLS加密数据。

Severity

中

Patch Name

Citrix NetScaler Application Delivery Controller和NetScaler Gateway信息泄露漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.citrix.com/article/CTX230238

Reference

https://nvd.nist.gov/vuln/detail/CVE-2017-17382

Impacted products

Name
['Citrix Systems, Inc. NetScaler Application Delivery Controller 10.5(<10.5 build 67.13)', 'Citrix Systems, Inc. NetScaler Application Delivery Controller 11.0(<11.0 build 71.22)', 'Citrix Systems, Inc. NetScaler Application Delivery Controller 11.1(<11.1 build 56.19)', 'Citrix Systems, Inc. NetScaler Application Delivery Controller 12.0(<12.0 build 53.22)', 'Citrix Systems, Inc. NetScaler Gateway 12.0(<12.0 build 53.22)', 'Citrix Systems, Inc. NetScaler Gateway 11.1(<11.1 build 56.19)', 'Citrix Systems, Inc. NetScaler Gateway 11.0(<11.0 build 71.22)', 'Citrix Systems, Inc. NetScaler Gateway 10.5(<10.5 build 67.13)']

Name

['Citrix Systems, Inc. NetScaler Application Delivery Controller 10.5(<10.5 build 67.13)', 'Citrix Systems, Inc. NetScaler Application Delivery Controller 11.0(<11.0 build 71.22)', 'Citrix Systems, Inc. NetScaler Application Delivery Controller 11.1(<11.1 build 56.19)', 'Citrix Systems, Inc. NetScaler Application Delivery Controller 12.0(<12.0 build 53.22)', 'Citrix Systems, Inc. NetScaler Gateway 12.0(<12.0 build 53.22)', 'Citrix Systems, Inc. NetScaler Gateway 11.1(<11.1 build 56.19)', 'Citrix Systems, Inc. NetScaler Gateway 11.0(<11.0 build 71.22)', 'Citrix Systems, Inc. NetScaler Gateway 10.5(<10.5 build 67.13)']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "102173"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-17382",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17382"
    }
  },
  "description": "Citrix NetScaler Application Delivery Controller\uff08ADC\uff09\u548cNetScaler Gateway\uff08\u524d\u79f0Citrix Access Gateway Enterprise Edition\uff09\u90fd\u662f\u7f8e\u56fd\u601d\u6770\u7cfb\u7edf\uff08Citrix Systems\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002NetScaler ADC\u662f\u4e00\u5957\u670d\u52a1\u548c\u5e94\u7528\u4ea4\u4ed8\u89e3\u51b3\u65b9\u6848\uff08\u5e94\u7528\u4ea4\u4ed8\u63a7\u5236\u5668\uff09\uff1bNetScaler Gateway\u662f\u4e00\u5957\u5b89\u5168\u7684\u8fdc\u7a0b\u63a5\u5165\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nCitrix NetScaler ADC\u548cNetScaler Gateway\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u89e3\u5bc6TLS\u52a0\u5bc6\u6570\u636e\u3002",
  "discovererName": "Hanno B\u00c3\u00b6ck (hanno@hboeck.de), Juraj Somorovsky (juraj.somorovsky@rub.de) of Ruhr-Universit\u00c3\u00a4t Bochum / Hackmanit GmbH and Craig Young (vuln report@secur3.us) of Tripwire VERT",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.citrix.com/article/CTX230238",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-00541",
  "openTime": "2018-01-09",
  "patchDescription": "Citrix NetScaler Application Delivery Controller\uff08ADC\uff09\u548cNetScaler Gateway\uff08\u524d\u79f0Citrix Access Gateway Enterprise Edition\uff09\u90fd\u662f\u7f8e\u56fd\u601d\u6770\u7cfb\u7edf\uff08Citrix Systems\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002NetScaler ADC\u662f\u4e00\u5957\u670d\u52a1\u548c\u5e94\u7528\u4ea4\u4ed8\u89e3\u51b3\u65b9\u6848\uff08\u5e94\u7528\u4ea4\u4ed8\u63a7\u5236\u5668\uff09\uff1bNetScaler Gateway\u662f\u4e00\u5957\u5b89\u5168\u7684\u8fdc\u7a0b\u63a5\u5165\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nCitrix NetScaler ADC\u548cNetScaler Gateway\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u89e3\u5bc6TLS\u52a0\u5bc6\u6570\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Citrix NetScaler Application Delivery Controller\u548cNetScaler Gateway\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Citrix Systems, Inc. NetScaler Application Delivery Controller 10.5(\u003c10.5 build 67.13)",
      "Citrix Systems, Inc. NetScaler Application Delivery Controller 11.0(\u003c11.0 build 71.22)",
      "Citrix Systems, Inc. NetScaler Application Delivery Controller 11.1(\u003c11.1 build 56.19)",
      "Citrix Systems, Inc. NetScaler Application Delivery Controller 12.0(\u003c12.0 build 53.22)",
      "Citrix Systems, Inc. NetScaler Gateway 12.0(\u003c12.0 build 53.22)",
      "Citrix Systems, Inc. NetScaler Gateway 11.1(\u003c11.1 build 56.19)",
      "Citrix Systems, Inc. NetScaler Gateway 11.0(\u003c11.0 build 71.22)",
      "Citrix Systems, Inc. NetScaler Gateway 10.5(\u003c10.5 build 67.13)"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-17382",
  "serverity": "\u4e2d",
  "submitTime": "2017-12-15",
  "title": "Citrix NetScaler Application Delivery Controller\u548cNetScaler Gateway\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

GHSA-FWQ4-VPH9-WFM2

Vulnerability from github – Published: 2022-05-13 01:44 – Updated: 2025-04-20 03:49

Details

Severity ?

5.9 (Medium)


                  
                    CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-17382"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-327"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-12-13T16:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.",
  "id": "GHSA-fwq4-vph9-wfm2",
  "modified": "2025-04-20T03:49:59Z",
  "published": "2022-05-13T01:44:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17382"
    },
    {
      "type": "WEB",
      "url": "https://robotattack.org"
    },
    {
      "type": "WEB",
      "url": "https://support.citrix.com/article/ctx230238"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/144389"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102173"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039985"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2017-17382

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-17382

Aliases

CVE-2017-17382

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-17382",
    "description": "Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.",
    "id": "GSD-2017-17382"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-17382"
      ],
      "details": "Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.",
      "id": "GSD-2017-17382",
      "modified": "2023-12-13T01:21:04.447496Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2017-17382",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.citrix.com/article/ctx230238",
            "refsource": "CONFIRM",
            "url": "https://support.citrix.com/article/ctx230238"
          },
          {
            "name": "https://robotattack.org/",
            "refsource": "MISC",
            "url": "https://robotattack.org/"
          },
          {
            "name": "102173",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/102173"
          },
          {
            "name": "VU#144389",
            "refsource": "CERT-VN",
            "url": "https://www.kb.cert.org/vuls/id/144389"
          },
          {
            "name": "1039985",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1039985"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-17382"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-327"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#144389",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.kb.cert.org/vuls/id/144389"
            },
            {
              "name": "https://support.citrix.com/article/ctx230238",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.citrix.com/article/ctx230238"
            },
            {
              "name": "https://robotattack.org/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://robotattack.org/"
            },
            {
              "name": "1039985",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1039985"
            },
            {
              "name": "102173",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/102173"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2017-12-13T16:29Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-17382 (GCVE-0-2017-17382)

Solution

Contournement provisoire

Solution

Contournement provisoire

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature