Main
Vulnerability Database
Exploits
ID:1270 - Exploit for Remote code execution in Citrix CloudBridge and Citrix NetScaler SD-WAN - CVE-2017-6316
ID:1270 - Exploit for Remote code execution in Citrix CloudBridge and Citrix NetScaler SD-WAN - CVE-2017-6316
Published: March 18, 2020
Vulnerability identifier: #VU7606
Vulnerability risk: High
CVE-ID: CVE-2017-6316
CWE-ID: CWE-120
Exploitation vector: Remote access
Vulnerable software:
Citrix CloudBridge
Citrix NetScaler SD-WAN
Citrix CloudBridge
Citrix NetScaler SD-WAN
Link to public exploit:
Vulnerability description
The vulnerability allows a remote authenticated user to execute arbitrary code on the target system.
The weakness exists in the management interface of Citrix NetScaler SD-WAN Enterprise and Standard Edition and Citrix CloudBridge Virtual WAN Edition due to insufficient sanitization of user-supplied input. A remote attacker can use CGISESSID cookies to execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists in the management interface of Citrix NetScaler SD-WAN Enterprise and Standard Edition and Citrix CloudBridge Virtual WAN Edition due to insufficient sanitization of user-supplied input. A remote attacker can use CGISESSID cookies to execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Update to version 9.1.2.26.561201.
https://www.citrix.com/downloads/netscaler-sd-wan/?_ga=2.7838130.1074911473.1501502922-215775083.133...
https://www.citrix.com/downloads/netscaler-sd-wan/?_ga=2.7838130.1074911473.1501502922-215775083.133...