CVE-2019-6485
Last modified
CVE-2019-6485 is a vulnerability of currently unknown severity. Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote attackers to obtain sensitive plaintext information because of a TLS Padding Oracle Vulnerability when CBC-based cipher suites are enabled.. EPSS estimates a 2.31% chance of exploitation in the next 30 days.
Description
Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote attackers to obtain sensitive plaintext information because of a TLS Padding Oracle Vulnerability when CBC-based cipher suites are enabled.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Citrix | Netscaler Gateway Firmware | 10.5 |
| Citrix | Netscaler Gateway Firmware | 11.0 |
| Citrix | Netscaler Gateway Firmware | 11.1 |
| Citrix | Netscaler Gateway Firmware | 12.0 |
| Citrix | Netscaler Gateway Firmware | 12.1 |
| Citrix | Netscaler Application Delivery Controller Firmware | 10.5 |
| Citrix | Netscaler Application Delivery Controller Firmware | 11.0 |
| Citrix | Netscaler Application Delivery Controller Firmware | 11.1 |
| Citrix | Netscaler Application Delivery Controller Firmware | 12.0 |
| Citrix | Netscaler Application Delivery Controller Firmware | 12.1 |
References
- http://www.securityfocus.com/bid/106783Third Party Advisory, VDB Entry
- https://github.com/RUB-NDS/TLS-Padding-OraclesProduct, Third Party Advisory
- https://support.citrix.com/article/CTX240139Mitigation, Patch, Vendor Advisory
- http://www.securityfocus.com/bid/106783Third Party Advisory, VDB Entry
- https://github.com/RUB-NDS/TLS-Padding-OraclesProduct, Third Party Advisory
- https://support.citrix.com/article/CTX240139Mitigation, Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-6485?
How severe is CVE-2019-6485?
How do I fix CVE-2019-6485?
Are you affected by CVE-2019-6485?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST