CVE-2017-6316
In short
Citrix NetScaler SD-WAN devices contain a critical flaw where attackers can execute commands with root privileges by manipulating a cookie in web requests. This allows complete takeover of the device without authentication.
Technical detail
Remote unauthenticated attackers can execute arbitrary shell commands as root by crafting requests with a malicious CGISESSID cookie (or CAKEPHP on CloudBridge devices). The vulnerability exists in versions through v9.1.2.26.561201 and requires no authentication or user interaction; the attack vector is network-based HTTP requests to the device's web interface.
Summary generated and translated by AI from the official description.
Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
Public PoCs found — 4
cve_reference · www.exploit-db.com/exploits/42345/ · unverified
cve_reference · www.exploit-db.com/exploits/42346/ · unverified
exploitdb · www.exploit-db.com/exploits/42346 · unverified
exploitdb · www.exploit-db.com/exploits/42345 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://support.citrix.com/article/CTX225990
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-6316
https://www.exploit-db.com/exploits/42345/
https://www.exploit-db.com/exploits/42346/
http://www.securityfocus.com/bid/99943
http://www.securitytracker.com/id/1039019