Citrix NetScaler Multiple Vulnerabilities (CTX140651)

High Nessus Plugin ID 74026


The remote device is affected by multiple vulnerabilities.


The remote Citrix NetScaler version is affected by multiple vulnerabilities:

- Low-quality random number generation is used to produce secret key values in the implementation of the Diffie-Hellman key exchange algorithm in the management GUI Java applet. Publicly known predictors exist for the random number generator used, and the seed value is only 32 or 48 bits. (CVE-2014-2881)

- The certificate validation component of the management GUI accepts any certificate, regardless of validity, because an empty trust manager is assigned to its SSL context. (CVE-2014-2882)


Upgrade to Citrix NetScaler 10.1-122.17 or 9.3-66.5 or later.

Plugin Details

Severity: High

ID: 74026

File Name: citrix_netscaler_CTX140651.nasl

Version: $Revision: 1.2 $

Type: combined

Family: Misc.

Published: 2014/05/15

Modified: 2015/02/12

Dependencies: 73204

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:citrix:netscaler_application_delivery_controller_firmware

Required KB Items: Host/NetScaler/Detected

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/04/28

Vulnerability Publication Date: 2014/04/28

Reference Information

CVE: CVE-2014-2881, CVE-2014-2882

BID: 67156, 67160

OSVDB: 106477, 106478