Citrix NetScaler Multiple Vulnerabilities (CTX140651)
High Nessus Plugin ID 74026
Synopsis
The remote device is affected by multiple vulnerabilities.
Description
The remote Citrix NetScaler version is affected by multiple vulnerabilities:
- Low-quality random number generation is used to produce secret key values in the implementation of the Diffie-Hellman key exchange algorithm in the management GUI Java applet. Publicly known predictors exist for the random number generator used, and the seed value is only 32 or 48 bits. (CVE-2014-2881)
- The certificate validation component of the management GUI accepts any certificate, regardless of validity, because an empty trust manager is assigned to its SSL context. (CVE-2014-2882)
Solution
Upgrade to Citrix NetScaler 10.1-122.17 or 9.3-66.5 or later.
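The empty trust manager pattern described under CVE-2014-2882, shown beside a validating configuration, with a probe that tells the two apart when auditing Java TLS client code. This is an added example, not Citrix code or part of the original advisory; the class and method names are hypothetical.

```java
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class TrustManagerCheck {
    // Flawed pattern: both check methods return without throwing,
    // so every certificate chain is treated as trusted.
    static TrustManager[] emptyTrustManagers() {
        return new TrustManager[] { new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] chain, String authType) { }
            public void checkServerTrusted(X509Certificate[] chain, String authType) { }
            public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
        } };
    }

    // Corrected pattern: the platform trust managers, backed by the default
    // trust store, perform path building and validity checks.
    static TrustManager[] validatingTrustManagers() throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JRE default trust store
        return tmf.getTrustManagers();
    }

    // Audit probe: a trust manager that accepts a zero-length chain
    // without throwing is not validating anything.
    static boolean acceptsEmptyChain(TrustManager[] tms) {
        for (TrustManager tm : tms) {
            if (!(tm instanceof X509TrustManager)) continue;
            try {
                ((X509TrustManager) tm).checkServerTrusted(new X509Certificate[0], "RSA");
                return true;
            } catch (Exception rejected) {
                // CertificateException or IllegalArgumentException: chain refused
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("empty trust manager accepts empty chain: "
            + acceptsEmptyChain(emptyTrustManagers()));
        System.out.println("default trust managers accept empty chain: "
            + acceptsEmptyChain(validatingTrustManagers()));
    }
}
```

A probe like `acceptsEmptyChain` can be run in a unit test against whatever trust managers an application passes to `SSLContext.init`, so that an accept-all implementation fails the build.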