Remote code execution in Citrix CloudBridge and Citrix NetScaler SD-WAN - CVE-2017-6316
Published: July 31, 2017 / Updated: March 25, 2022
Vulnerability identifier: #VU7606
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2017-6316
CWE-ID: CWE-120
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vendor: Citrix
Affected software:
Citrix CloudBridge
Citrix NetScaler SD-WAN
Citrix CloudBridge
Citrix NetScaler SD-WAN
Detailed vulnerability description
The vulnerability allows a remote authenticated user to execute arbitrary code on the target system.
The weakness exists in the management interface of Citrix NetScaler SD-WAN Enterprise and Standard Edition and Citrix CloudBridge Virtual WAN Edition due to insufficient sanitization of user-supplied input. A remote attacker can use CGISESSID cookies to execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists in the management interface of Citrix NetScaler SD-WAN Enterprise and Standard Edition and Citrix CloudBridge Virtual WAN Edition due to insufficient sanitization of user-supplied input. A remote attacker can use CGISESSID cookies to execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
How to mitigate CVE-2017-6316
Update to version 9.1.2.26.561201.
https://www.citrix.com/downloads/netscaler-sd-wan/?_ga=2.7838130.1074911473.1501502922-215775083.133...
https://www.citrix.com/downloads/netscaler-sd-wan/?_ga=2.7838130.1074911473.1501502922-215775083.133...