We recently (over the last day) started getting an “F” rating on our sites hosted by the Netscaler due to the POODLE TLS vulnerability (CVE-2014-8730) however, everything I have been told by Citrix - is that our build (10.5.53.9 nc) is not vulnerable. The TL variant of the vulnerability came out in December of 2014 after SSLv3. We have had a score of A as recently as June 2015. There are some other grumblings on the Qualys’ Community board, as well as out in the wild, regarding people having a sudden drop in grade from A to F for NetScaler’s and Cisco ACE devices. Unfortunately I have not been able to find much info on why the sudden change in grade level (from A to F) after no changes on our end and no new TLS POODLE vulnerabilities. Any insight you could provide would be very helpful. Citrix support still states our build is not vulnerable to (CVE-2014-8730).
Here are some links I referenced:
Any other insight would be very helpful.