Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote malicious users to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
citrix netscaler sd-wan |