Citrix NetScaler Multiple Vulnerabilities (CTX140651)

critical Nessus Plugin ID 74026

Synopsis

The remote device is affected by multiple vulnerabilities.

Description

The remote Citrix NetScaler version is affected by multiple vulnerabilities:

- A low-quality random number generator is used to produce secret key values in the implementation of the Diffie-Hellman key exchange algorithm in the management GUI Java applet. Publicly known predictors exist for the random number generator used, and the seed value is only 32 or 48 bits. (CVE-2014-2881)

- The certificate validation component of the management GUI allows any certificate to be used, regardless of validity, due to assigning an empty trust manager to its SSL context. (CVE-2014-2882)
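
To illustrate the second finding, here is an added Java example (not NetScaler's applet code, which is not on this page): an X509TrustManager with empty check methods, the usual form of an "empty trust manager", which accepts every certificate chain, beside the corrected initialisation from the platform's default trust store. The class and method names are assumptions.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import java.security.KeyStore;
import java.security.cert.X509Certificate;

public class TrustManagerExample {

    // Anti-pattern of the kind CVE-2014-2882 describes: the check methods are
    // empty, so no chain is ever rejected and any server certificate (including
    // one presented by a man-in-the-middle) is accepted.
    static SSLContext insecureContext() throws Exception {
        TrustManager acceptAll = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] chain, String authType) { }
            public void checkServerTrusted(X509Certificate[] chain, String authType) { }
            public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { acceptAll }, null);
        return ctx;
    }

    // Corrected form: initialise a TrustManagerFactory with a null KeyStore,
    // which loads the platform's default CA trust store, so every chain is
    // validated (signature, expiry, chain to a trusted root) and rejected
    // with a CertificateException if invalid.
    static SSLContext validatingContext() throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }
}
```

The corrected context validates the certificate chain only; hostname matching is a separate step handled by the HostnameVerifier of the connection that uses the context, and must not be disabled either.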

Solution

Upgrade to Citrix NetScaler 10.1-122.17, 9.3-66.5, or later.

See Also

https://support.citrix.com/article/CTX140651

https://www.securityfocus.com/archive/1/532041/30/0/threaded

https://www.securityfocus.com/archive/1/532042/30/0/threaded

Plugin Details

Severity: Critical

ID: 74026

File Name: citrix_netscaler_CTX140651.nasl

Version: 1.5

Type: combined

Family: Misc.

Published: 5/15/2014

Updated: 11/26/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2014-2882

Vulnerability Information

CPE: cpe:/o:citrix:netscaler_application_delivery_controller_firmware

Required KB Items: Host/NetScaler/Detected

Exploit Ease: No known exploits are available

Patch Publication Date: 4/28/2014

Vulnerability Publication Date: 4/28/2014

Reference Information

CVE: CVE-2014-2881, CVE-2014-2882

BID: 67156, 67160