Client Alert: TLS Padding Oracle Vulnerability in Multiple NetScaler Products

by Aaron Silber
Managing Director – NY Region

A vulnerability has been discovered in some editions of the NetScaler ADC as well as the NetScaler Gateway product line that could allow an attacker to decrypt TLS traffic. This issue is similar to an issue with SSL discovered a few months ago, but this time the attack targets TLS.

The following NetScaler versions are affected:

  • Citrix NetScaler ADC and NetScaler Gateway version 12.0 earlier than build 53.22
  • Citrix NetScaler ADC and NetScaler Gateway version 11.1 earlier than build 56.19
  • Citrix NetScaler ADC and NetScaler Gateway version 11.0 earlier than build 71.22
  • Citrix NetScaler ADC and NetScaler Gateway version 10.5 earlier than build 67.13
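
The following Python check is an added example, not code from Citrix or Helient. It compares version banners from an appliance inventory against the fixed builds listed above. The banner format ("NS<release>: Build <build>") and the hostnames are assumptions, and the sample inventory is constructed.

```python
import re

# First unaffected build per release, taken from the affected-versions list above.
FIXED_BUILDS = {
    (12, 0): (53, 22),
    (11, 1): (56, 19),
    (11, 0): (71, 22),
    (10, 5): (67, 13),
}

# Assumed banner shape, e.g. "NetScaler NS12.0: Build 53.13.nc"
BANNER_RE = re.compile(r"NS(\d+)\.(\d+):\s*Build\s+(\d+)\.(\d+)")


def classify(banner):
    """Return 'affected', 'fixed', 'not-listed' or 'unparsed' for one banner."""
    match = BANNER_RE.search(banner)
    if not match:
        return "unparsed"
    major, minor, build_major, build_minor = map(int, match.groups())
    fixed = FIXED_BUILDS.get((major, minor))
    if fixed is None:
        # Release is not named in this alert; consult the Citrix article.
        return "not-listed"
    # Compare builds as integer pairs so that 67.9 sorts before 67.13.
    return "affected" if (build_major, build_minor) < fixed else "fixed"


def triage(inventory):
    """Map each host in {host: banner} to its classification."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample inventory (hypothetical hostnames and builds).
SAMPLE_INVENTORY = {
    "ns-edge-01": "NetScaler NS12.0: Build 53.13.nc",
    "ns-edge-02": "NetScaler NS11.1: Build 56.19.nc",
    "ns-gw-01": "NetScaler NS11.0: Build 71.18.nc",
    "ns-gw-02": "NetScaler NS10.5: Build 67.9.nc",
    "ns-lab-01": "NetScaler NS10.1: Build 135.8.nc",
    "ns-lab-02": "version string missing",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:12} {status}")
```

Hosts reported as "not-listed" run a release this alert does not name, so their status has to be confirmed against the Citrix article rather than assumed safe.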

Helient strongly recommends that anyone running one of the affected versions above make a plan to upgrade as soon as possible. We have a team of experts on hand ready to assist.

For more information, please see the Citrix article at https://support.citrix.com/article/CTX230238, and contact Helient if you require any assistance or have any important questions on NetScaler.