CVE-2017-6316

Confirmed PUBLISHED

Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie....

Citrix · NetScaler SD-WAN
Exploited in the wild

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
9.8 Critical

At a Glance

Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID.

php cisa
CVE Published
Jul 20, 2017
Exploitation Reported
Mar 25, 2022
CVSS
9.8 Critical
EPSS
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
n/a
n/a

n/a

Affected

CVE References

  • 42345 exploit-db.com · Exploit https://www.exploit-db.com/exploits/42345/
  • 42346 exploit-db.com · Exploit https://www.exploit-db.com/exploits/42346/
  • 1039019 securitytracker.com · VDB Entry http://www.securitytracker.com/id/1039019
  • 99943 securityfocus.com · VDB Entry http://www.securityfocus.com/bid/99943
  • support.citrix.com/article/CTX225990 support.citrix.com · CVE Record https://support.citrix.com/article/CTX225990

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.