← back
CVE-2017-6316

CVE-2017-6316

CVSS 9.8 CRITICALEPSS 72.6%● KEV
Vexday Risk Score
100Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Proof of concept
Public proof of concept exists, but not yet automated.
CVSS 9.8EPSS 72.6%KEV simPoC públicaNuclei Metasploit Patch
Lifecycle
19 Jul 2017Public PoC
20 Jul 2017Published on NVD
25 Mar 2022Active exploitation (CISA KEV)
Weaponization speed
1709 daysto active exploitation (KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

Citrix NetScaler SD-WAN devices contain a critical flaw where attackers can execute commands with root privileges by manipulating a cookie in web requests. This allows complete takeover of the device without authentication.

Technical detail

Remote unauthenticated attackers can execute arbitrary shell commands as root by crafting requests with a malicious CGISESSID cookie (or CAKEPHP on CloudBridge devices). The vulnerability exists in versions through v9.1.2.26.561201 and requires no authentication or user interaction; the attack vector is network-based HTTP requests to the device's web interface.

Summary generated and translated by AI from the official description.
Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.