PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-5933 Citrix CVE debrief

CVE-2017-5933 is a weakness in Citrix NetScaler ADC and NetScaler Gateway: affected builds generate AES-GCM nonces at random rather than from a counter. According to the CVE record, this can make it easier for a remote attacker to recover information needed to spoof data in an affected session. NVD rates it CVSS 3.0 5.9 (Medium): reachable over the network with no privileges or user interaction required, but with high attack complexity, since the attacker must first observe a repeated nonce, which random 96-bit nonces only produce after a very large number of records under one key.

Vendor
Citrix
Product
NetScaler ADC, NetScaler Gateway
CVSS
MEDIUM 5.9
CISA KEV
Not listed in stored evidence
Original CVE published
2017-02-08
Original CVE updated
2026-05-13
Advisory published
2017-02-08
Advisory updated
2026-05-13

Who should care

Organizations operating Citrix NetScaler ADC or NetScaler Gateway instances in the affected version ranges, especially internet-facing deployments and environments handling sensitive traffic.

Technical summary

The NVD record describes a GCM nonce generation problem in Citrix NetScaler ADC and Gateway firmware before 10.5 build 65.11, 11.0 build 69.12, and 11.1 build 51.21. NVD assigns CWE-200 and CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating a remotely reachable, confidentiality-impacting issue with high attack complexity. The underlying concern is that AES-GCM requires a nonce never to repeat under a given key: randomly chosen nonces collide at the birthday bound, and a single repeat leaks the XOR of the two keystreams and lets an observer recover the GHASH authentication key from the two tags, after which further records under that key and nonce can be forged. A counter-based nonce avoids the collision entirely. The vendor advisory referenced by NVD is CTX220329.
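The following is an added example and is not code from this page, from Citrix, or from NVD. It models only the GHASH authentication layer of AES-GCM in pure Python (AES itself is not needed, so the hash key H and the tag mask E_K(J0) are stand-in random values) and works the simplest case of a nonce repeat: two single-block records with no additional data, from which the attacker recovers H and the mask and forges a tag for bytes of their choosing. It also computes the birthday-bound probability that randomly chosen 96-bit nonces repeat, which is why random generation is the problem. All function and variable names are this example's own.

```python
"""Why a repeated AES-GCM nonce is fatal: the single-block "forbidden attack".

Added example, not Citrix or NVD code. Only the GHASH layer is modelled; the
secret hash key H and the tag mask S = E_K(J0) are stand-in random values.
"""
import math
import os

R = 0xE1 << 120  # GCM reduction constant for x^128 + x^7 + x^2 + x + 1


def gf_mult(x: int, y: int) -> int:
    """Multiply in GF(2^128) using GCM's bit order (SP 800-38D, Algorithm 1)."""
    z, v = 0, x
    for i in range(128):
        if (y >> (127 - i)) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z


def gf_pow(a: int, e: int) -> int:
    """Square-and-multiply; 1 << 127 is the element '1' in GCM's representation."""
    result = 1 << 127
    while e:
        if e & 1:
            result = gf_mult(result, a)
        a = gf_mult(a, a)
        e >>= 1
    return result


def gf_inv(a: int) -> int:
    return gf_pow(a, (1 << 128) - 2)  # Fermat: a^(2^128 - 2) = a^-1


def gf_sqrt(a: int) -> int:
    return gf_pow(a, 1 << 127)  # squaring is a bijection, so (a^(2^127))^2 = a


def ghash(h: int, aad: bytes, ct: bytes) -> int:
    """GHASH over zero-padded AAD blocks, ciphertext blocks, and the length block."""
    def blocks(data: bytes):
        for i in range(0, len(data), 16):
            yield int.from_bytes(data[i:i + 16].ljust(16, b"\0"), "big")

    length_block = ((len(aad) * 8) << 64) | (len(ct) * 8)
    y = 0
    for x in (*blocks(aad), *blocks(ct), length_block):
        y = gf_mult(y ^ x, h)
    return y


def gcm_tag(h: int, s: int, aad: bytes, ct: bytes) -> bytes:
    """Full 128-bit GCM tag: GHASH(H, A, C) XOR E_K(J0), with S standing in for E_K(J0)."""
    return (ghash(h, aad, ct) ^ s).to_bytes(16, "big")


def forbidden_attack(c1: bytes, t1: bytes, c2: bytes, t2: bytes) -> tuple:
    """Recover (H, S) from two single-block, AAD-free records that share a nonce.

    With one 16-byte block, GHASH = C*H^2 + L*H, so T1 xor T2 = (C1 xor C2)*H^2:
    the mask S and the length term cancel, and H is a square root in GF(2^128).
    Longer records need a polynomial root-finding step that is omitted here.
    """
    if len(c1) != 16 or len(c2) != 16 or c1 == c2:
        raise ValueError("need two distinct single-block ciphertexts")
    d_c = int.from_bytes(c1, "big") ^ int.from_bytes(c2, "big")
    d_t = int.from_bytes(t1, "big") ^ int.from_bytes(t2, "big")
    h = gf_sqrt(gf_mult(d_t, gf_inv(d_c)))
    s = ghash(h, b"", c1) ^ int.from_bytes(t1, "big")
    return h, s


def nonce_collision_probability(records: int, nonce_bits: int = 96) -> float:
    """Birthday bound: chance that at least two of `records` random nonces repeat."""
    return 1.0 - math.exp(-(records ** 2) / 2.0 ** (nonce_bits + 1))


def demo() -> bool:
    """Victim authenticates two records under one nonce; attacker forges a third."""
    h = int.from_bytes(os.urandom(16), "big")
    s = int.from_bytes(os.urandom(16), "big")
    c1, c2 = os.urandom(16), os.urandom(16)  # constructed ciphertexts, same nonce
    t1, t2 = gcm_tag(h, s, b"", c1), gcm_tag(h, s, b"", c2)
    h_rec, s_rec = forbidden_attack(c1, t1, c2, t2)
    forged_ct = os.urandom(40)  # attacker-chosen bytes of any length
    forged_tag = gcm_tag(h_rec, s_rec, b"", forged_ct)
    return (h_rec, s_rec) == (h, s) and forged_tag == gcm_tag(h, s, b"", forged_ct)


if __name__ == "__main__":
    print("forgery accepted:", demo())
    for n in (2 ** 32, 2 ** 40, 2 ** 48):
        print(f"{n:>16} records: P(nonce repeat) = {nonce_collision_probability(n):.3e}")
```

Because the keystream under a repeated nonce is also identical, the attacker who knows one plaintext can additionally choose the forged record's plaintext, not just its tag; the block stops at the tag to keep the GHASH algebra in view. The birthday figures are what make NVD's high attack complexity concrete: a repeat is vanishingly unlikely after 2^32 records but roughly even odds after 2^48.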

Defensive priority

Medium — patch promptly, with higher urgency for exposed Citrix appliances or systems carrying sensitive authentication traffic.

Recommended defensive actions

  • Upgrade Citrix NetScaler ADC/Gateway to the fixed builds listed by NVD, or later on the same branch: 10.5 build 65.11, 11.0 build 69.12, or 11.1 build 51.21.
  • Inventory all Citrix NetScaler ADC and Gateway deployments to confirm whether they fall within the affected version ranges.
  • Prioritize remediation on internet-facing systems and any appliance terminating sensitive sessions.
  • Review the Citrix vendor advisory (CTX220329) and the NVD record for the applicable fixed-build guidance.
  • Track the affected assets as a confidentiality-risk issue rather than an availability issue, since NVD scores confidentiality impact only (C:H/I:N/A:N); note, though, that the CVE text describes recovering data that enables spoofing, so the integrity of affected sessions should be considered at risk as well.
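The inventory and version check above can be scripted. The following is an added example, not Citrix tooling or code from this page: it compares NetScaler version strings against the fixed builds quoted in this debrief. The version-line format is an assumption (the first line of `show ns version` output, e.g. "NetScaler NS11.1: Build 51.21.nc"), the sample inventory is constructed, and branches outside the three NVD lists are reported as unlisted rather than assumed safe.

```python
"""Triage NetScaler ADC/Gateway version strings against the CVE-2017-5933 fixed builds.

Added example, not Citrix tooling. Fixed builds come from the NVD record as
quoted in this debrief; the version-string format is assumed to follow the
first line of `show ns version` output, e.g. "NetScaler NS11.1: Build 51.21.nc".
"""
import re

# Earliest fixed build on each affected branch: (major, minor) -> (build, sub-build)
FIXED_BUILDS = {(10, 5): (65, 11), (11, 0): (69, 12), (11, 1): (51, 21)}

# Assumed format of the NetScaler version line
VERSION_RE = re.compile(r"NS(\d+)\.(\d+):\s*Build\s+(\d+)\.(\d+)")


def parse_version(line: str) -> tuple:
    """Return ((major, minor), (build, sub_build)) or raise if the line is unparseable."""
    m = VERSION_RE.search(line)
    if m is None:
        raise ValueError(f"unrecognised version line: {line!r}")
    major, minor, build, sub = (int(g) for g in m.groups())
    return (major, minor), (build, sub)


def assess(line: str) -> str:
    """'vulnerable', 'fixed', or 'unlisted' (branch not covered by NVD's ranges)."""
    branch, build = parse_version(line)
    fixed = FIXED_BUILDS.get(branch)
    if fixed is None:
        return "unlisted"  # consult CTX220329 rather than assuming the branch is safe
    return "vulnerable" if build < fixed else "fixed"


def triage(inventory: dict) -> dict:
    """Map host -> status; unparseable entries are reported, not silently dropped."""
    results = {}
    for host, line in inventory.items():
        try:
            results[host] = assess(line)
        except ValueError:
            results[host] = "unparseable"
    return results


# Constructed sample inventory: hostnames, builds and dates are made up
SAMPLE_INVENTORY = {
    "gw-edge-1": "NetScaler NS11.1: Build 50.10.nc, Date: Jan 15 2017, 10:22:08",
    "gw-edge-2": "NetScaler NS11.1: Build 51.21.nc, Date: Feb 3 2017, 08:11:42",
    "adc-core-1": "NetScaler NS11.0: Build 69.12.nc, Date: Feb 3 2017, 09:01:12",
    "adc-core-2": "NetScaler NS10.5: Build 61.11.nc, Date: Oct 4 2016, 14:55:31",
    "adc-lab-1": "NetScaler NS12.0: Build 41.16.nc, Date: Jun 2 2017, 11:30:00",
    "adc-lab-2": "unknown",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:12} {status}")
```

Builds compare as (build, sub-build) tuples, so 10.5 build 65.9 sorts before build 65.11 as intended; a plain string comparison would get that wrong.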

Evidence notes

Primary evidence comes from the NVD record and its cited vendor advisory. The NVD entry lists affected versions before 10.5 build 65.11, 11.0 build 69.12, and 11.1 build 51.21, and gives CVSS 3.0 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N with CWE-200. The CVE description says the issue involves randomly generated GCM nonces and may allow spoofing of data. No Known Exploited Vulnerability (KEV) entry was provided in the source corpus.

Official resources

Citrix advisory CTX220329 and the NVD record for CVE-2017-5933. Publicly disclosed on 2017-02-08; source and CVE records were last modified on 2026-05-13. No KEV date was provided in the source corpus.