CyberSec.Space Logo
Back to CVE Browser

CVE-2017-6316

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score33.8170%
EPSS Percentile85.76th
PublishedJul 20, 2017
Last ModifiedApr 21, 2026

Vulnerability Description

Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID.

Affected Platforms (CPE)

πŸ“¦
Citrix

Netscaler Sd Wan

<= 9.1.2.26.561201

References & Advisories

πŸ”— http://www.securityfocus.com/bid/99943
πŸ”— http://www.securitytracker.com/id/1039019
πŸ”— https://support.citrix.com/article/CTX225990
πŸ”— https://www.exploit-db.com/exploits/42345/
πŸ”— https://www.exploit-db.com/exploits/42346/
πŸ”— http://www.securityfocus.com/bid/99943
πŸ”— http://www.securitytracker.com/id/1039019
πŸ”— https://support.citrix.com/article/CTX225990

Related Vulnerabilities

CVE-2019-108839.8

Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection.

CVE-2019-129859.8

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6).

CVE-2019-129869.8

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6).

CVE-2019-129879.8

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6).