TLS PADDING ORACLE VULNERABILITY IN MULTIPLE NETSCALER PRODUCTS

A vulnerability has been discovered in some editions of the NetScaler ADC as well as the NetScaler Gateway product line that could allow an attacker to decrypt TLS traffic. This issue is similar to an issue with SSL discovered a few months ago, but this time the attack targets TLS.

The following NetScalers versions are affected:

  • Citrix NetScaler ADC and NetScaler Gateway version 12.0 earlier than build 53.22
  • Citrix NetScaler ADC and NetScaler Gateway version 11.1 earlier than build 56.19
  • Citrix NetScaler ADC and NetScaler Gateway version 11.0 earlier than build 71.22
  • Citrix NetScaler ADC and NetScaler Gateway version 10.5 earlier than build 67.13

Please see the Citrix article: https://support.citrix.com/article/CTX230238 for more information. If you need any assistance with this or any other NetScaler work, please feel free to contact me or visit Helient who have deep knowledge on the NetScaler platform.

No comments:

Post a Comment