CVE-2017-6316 : Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as r

Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID.

Published 2017-07-20 04:29:00

Updated 2017-09-16 01:29:04

Source MITRE

View at NVD, CVE.org

Vulnerability category: Input validation

CVE-2017-6316 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:

Citrix Multiple Products Remote Code Execution Vulnerability

CISA required action:

Apply updates per vendor instructions.

CISA description:

A vulnerability has been identified in the management interface of Citrix NetScaler SD-WAN Enterprise and Standard Edition and Citrix CloudBridge Virtual WAN Edition that could result in an unauthenticated, remote attacker being able to execute arbitrary code as a root user. This vulnerability also

Added on 2022-03-25 Action due date 2022-04-15

Exploit prediction scoring system (EPSS) score for CVE-2017-6316

Probability of exploitation activity in the next 30 days: 96.17%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2017-6316

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2017-6316

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-6316

https://www.exploit-db.com/exploits/42345/

Netscaler SD-WAN 9.1.2.26.561201 - Command Injection (Metasploit)
Exploit;Third Party Advisory;VDB Entry
https://www.exploit-db.com/exploits/42346/

Citrix CloudBridge - 'CAKEPHP' Cookie Command Injection
Third Party Advisory;VDB Entry
http://www.securityfocus.com/bid/99943

Multiple Citrix Products CVE-2017-6316 Remote Code Execution Vulnerability
https://support.citrix.com/article/CTX225990

Vulnerability in Citrix NetScaler SD-WAN Enterprise & Standard Edition and Citrix CloudBridge Virtual WAN Edition Could Result in Unauthenticated Remote Code Execution
http://www.securitytracker.com/id/1039019

Citrix NetScaler SD-WAN Unspecified Flaw in Management Interface Lets Remote Users Execute Arbitrary Code on the Target System - SecurityTracker

Products affected by CVE-2017-6316