CVE-2017-6316
CVE-2017-6316
Vexday Risk Score
100Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Proof of concept
Public proof of concept exists, but not yet automated.
CVSS 9.8EPSS 72.6%KEV simPoC públicaNuclei —Metasploit —Patch —
Lifecycle
19 Jul 2017Public PoC
20 Jul 2017Published on NVD
25 Mar 2022Active exploitation (CISA KEV)
Weaponization speed
1709 daysto active exploitation (KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
Citrix NetScaler SD-WAN devices contain a critical flaw where attackers can execute commands with root privileges by manipulating a cookie in web requests. This allows complete takeover of the device without authentication.
Technical detail
Remote unauthenticated attackers can execute arbitrary shell commands as root by crafting requests with a malicious CGISESSID cookie (or CAKEPHP on CloudBridge devices). The vulnerability exists in versions through v9.1.2.26.561201 and requires no authentication or user interaction; the attack vector is network-based HTTP requests to the device's web interface.
Summary generated and translated by AI from the official description.
Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 4
cve_referencewww.exploit-db.com/exploits/42345/unverifiedcve_referencewww.exploit-db.com/exploits/42346/unverifiedexploitdbwww.exploit-db.com/exploits/42346unverifiedexploitdbwww.exploit-db.com/exploits/42345unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://support.citrix.com/article/CTX225990https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-6316https://www.exploit-db.com/exploits/42345/https://www.exploit-db.com/exploits/42346/http://www.securityfocus.com/bid/99943http://www.securitytracker.com/id/1039019