CVE-2017-6316
Citrix Multiple Products Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
YesDecision
Descriptions
Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID.
Los dispositivos Citrix NetScaler SD-WAN hasta la versiĆ³n v9.1.2.26.561201 permite a atacantes remotos ejecutar comandos de shell aleatorios como root mediante la cookie CGISESSID. En los dispositivos cloudBridge (el nombre formal de NetScaler SD-WAN), la cookie llamada fue CAKEPHP mas que CGISESSID.
A vulnerability has been identified in the management interface of Citrix NetScaler SD-WAN Enterprise and Standard Edition and Citrix CloudBridge Virtual WAN Edition that could result in an unauthenticated, remote attacker being able to execute arbitrary code as a root user. This vulnerability also affects XenMobile Server.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-02-24 CVE Reserved
- 2017-07-20 CVE Published
- 2022-03-25 Exploited in Wild
- 2022-04-15 KEV Due Date
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2024-10-20 EPSS Updated
CWE
- CWE-20: Improper Input Validation
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/99943 | Vdb Entry | |
| http://www.securitytracker.com/id/1039019 | Vdb Entry | |
| https://support.citrix.com/article/CTX225990 | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/42346 | 2024-08-05 | |
| https://www.exploit-db.com/exploits/42345 | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Citrix Search vendor "Citrix" | Netscaler Sd-wan Search vendor "Citrix" for product "Netscaler Sd-wan" | <= 9.1.2.26.561201 Search vendor "Citrix" for product "Netscaler Sd-wan" and version " <= 9.1.2.26.561201" | - |
Affected
| ||||||