CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2017-6316

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score33.8170%
EPSS Percentile85.76th
Published2017年7月20日
Last Modified2026年4月21日

Vulnerability Description

Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID.

Affected Platforms (CPE)

📦
Citrix

Netscaler Sd Wan

<= 9.1.2.26.561201

References & Advisories

🔗 http://www.securityfocus.com/bid/99943
🔗 http://www.securitytracker.com/id/1039019
🔗 https://support.citrix.com/article/CTX225990
🔗 https://www.exploit-db.com/exploits/42345/
🔗 https://www.exploit-db.com/exploits/42346/
🔗 http://www.securityfocus.com/bid/99943
🔗 http://www.securitytracker.com/id/1039019
🔗 https://support.citrix.com/article/CTX225990

相關漏洞威脅

CVE-2019-108839.8

Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection.

CVE-2019-129859.8

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6).

CVE-2019-129869.8

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6).

CVE-2019-129879.8

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6).