CVE-2019-6485
MEDIUM
Citrix NetScaler Gateway and ADC - TLS Padding Oracle Vulnerability via CBC Cipher Suites
Title source: llm
Description
Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote attackers to obtain sensitive plaintext information because of a TLS Padding Oracle Vulnerability when CBC-based cipher suites are enabled.
References (3)
Core References
Product, Third Party Advisory x_refsource_misc
https://github.com/RUB-NDS/TLS-Padding-Oracles
Mitigation, Patch, Vendor Advisory x_refsource_misc
https://support.citrix.com/article/CTX240139
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106783
Scores
CVSS v3
5.9
EPSS
0.0037
EPSS Percentile
58.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-327
Status
published
Products (10)
citrix/netscaler_application_delivery_controller_firmware
10.5
citrix/netscaler_application_delivery_controller_firmware
11.0
citrix/netscaler_application_delivery_controller_firmware
11.1
citrix/netscaler_application_delivery_controller_firmware
12.0
citrix/netscaler_application_delivery_controller_firmware
12.1
citrix/netscaler_gateway_firmware
10.5
citrix/netscaler_gateway_firmware
11.0
citrix/netscaler_gateway_firmware
11.1
citrix/netscaler_gateway_firmware
12.0
citrix/netscaler_gateway_firmware
12.1
Published
Feb 22, 2019
Tracked Since
Feb 18, 2026