Vulnerability Details CVE-2017-6316
Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID.
Exploit prediction scoring system (EPSS) score
EPSS Score: 0.884
EPSS Ranking: 99.5%
CVSS Severity
CVSS v3 Score: 9.8
CVSS v2 Score: 10.0
Proposed Action
A vulnerability has been identified in the management interface of Citrix NetScaler SD-WAN Enterprise and Standard Edition and Citrix CloudBridge Virtual WAN Edition that could result in an unauthenticated, remote attacker being able to execute arbitrary code as a root user. This vulnerability also affects XenMobile Server.
Ransomware Campaign
Unknown
Products affected by CVE-2017-6316
- cpe:2.3:a:citrix:netscaler_sd-wan:-
- cpe:2.3:a:citrix:netscaler_sd-wan:7.4.6
- cpe:2.3:a:citrix:netscaler_sd-wan:9.0.0
- cpe:2.3:a:citrix:netscaler_sd-wan:9.0.1
- cpe:2.3:a:citrix:netscaler_sd-wan:9.1.0
- cpe:2.3:a:citrix:netscaler_sd-wan:9.1.1
- cpe:2.3:a:citrix:netscaler_sd-wan:9.1.2
- cpe:2.3:a:citrix:netscaler_sd-wan:9.1.2.26.561201