CVE-2015-3642

Published Aug 2, 2017

Last updated 7 years ago

CVSS medium 5.9

Overview

Description: The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 5.9
Impact score: 3.6
Exploitability score: 2.2
Vector string: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:citrix:netscaler_firmware:9.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "77E759CD-4DF3-4B30-ADFD-9E63F753DFC1"
          },
          {
            "criteria": "cpe:2.3:o:citrix:netscaler_firmware:9.1:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9CC7D1B6-5C2D-4407-A55C-78FE6B899B46"
          },
          {
            "criteria": "cpe:2.3:o:citrix:netscaler_firmware:9.2:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2391E6E2-5E57-4E35-8F2C-89813F999F1F"
          },
          {
            "criteria": "cpe:2.3:o:citrix:netscaler_firmware:10.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "61D94767-47A9-4516-BB4F-7800301214EB"
          },
          {
            "criteria": "cpe:2.3:o:citrix:netscaler_firmware:10.1:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "99708F67-F4F1-4651-88FB-97869B9704C0"
          },
          {
            "criteria": "cpe:2.3:o:citrix:netscaler_firmware:10.1e:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6ABD1DF6-BE2F-4A23-ACD4-C33CFF68CB36"
          },
          {
            "criteria": "cpe:2.3:o:citrix:netscaler_firmware:10.5:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F0F108EA-A307-46FE-A093-5EF78182BC2A"
          },
          {
            "criteria": "cpe:2.3:o:citrix:netscaler_firmware:10.5e:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "208B0DD8-6635-4201-B565-FDA647F9F2E3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81FD5100-3ADB-4C21-BCE5-CDA7C4C1D8B9"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:citrix:netscaler_firmware:9.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "77E759CD-4DF3-4B30-ADFD-9E63F753DFC1"
          },
          {
            "criteria": "cpe:2.3:o:citrix:netscaler_firmware:9.1:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9CC7D1B6-5C2D-4407-A55C-78FE6B899B46"
          },
          {
            "criteria": "cpe:2.3:o:citrix:netscaler_firmware:9.2:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2391E6E2-5E57-4E35-8F2C-89813F999F1F"
          },
          {
            "criteria": "cpe:2.3:o:citrix:netscaler_firmware:10.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "61D94767-47A9-4516-BB4F-7800301214EB"
          },
          {
            "criteria": "cpe:2.3:o:citrix:netscaler_firmware:10.1:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "99708F67-F4F1-4651-88FB-97869B9704C0"
          },
          {
            "criteria": "cpe:2.3:o:citrix:netscaler_firmware:10.1e:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6ABD1DF6-BE2F-4A23-ACD4-C33CFF68CB36"
          },
          {
            "criteria": "cpe:2.3:o:citrix:netscaler_firmware:10.5:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F0F108EA-A307-46FE-A093-5EF78182BC2A"
          },
          {
            "criteria": "cpe:2.3:o:citrix:netscaler_firmware:10.5e:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "208B0DD8-6635-4201-B565-FDA647F9F2E3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEBB9B6A-1CAD-4D82-9B1E-939921986053"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References