A vulnerability has been identified in the Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Packet Engine that could result in the disclosure of cleartext traffic from the backend client TLS handshake.

This vulnerability only affects connections between a Citrix Netscaler ADC or NetScaler Gateway virtual appliance and a backend server where both TLS with client certificates is enabled and where a Diffie-Hellman Ephemeral (DHE) key exchange is used.

Citrix NetScaler MPX and NetScaler SDX hardware appliances are not impacted by this vulnerability.

This vulnerability has been assigned the following CVE:

CVE-2017-17549: Information Disclosure in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Client TLS Handshake

This vulnerability affects the following versions of Citrix NetScaler ADC and NetScaler Gateway virtual appliances: