Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2017-6316
HistoryJul 20, 2017 - 4:29 a.m.

CVE-2017-6316

2017-07-2004:29:00
CWE-20
[email protected]
web.nvd.nist.gov
829
In Wild
citrix
netscaler
sd-wan
v9.1.2.26.561201
remote code execution
cgisessid
cakephp
nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.962 High

EPSS

Percentile

99.5%

JSON

Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID.

Affected configurations

NVD
Node
citrixnetscaler_sd-wanRange9.1.2.26.561201

Related

dsquare 2
checkpoint_advisories 1
cisa_kev 1
cvelist 1
zdt 1
prion 1
nessus 1
nvd 1
attackerkb 1
dsquare
dsquare
Citrix NetScaler SD-WAN RCE
2017-07-22 00:00:00
Citrix CloudBridge RCE
2017-07-22 00:00:00
checkpoint_advisories
checkpoint_advisories
Citrix NetScaler SD-WAN Remote Code Execution (CVE-2017-6316)
2022-04-13 00:00:00
cisa_kev
cisa_kev
Citrix Multiple Products Remote Code Execution Vulnerability
2022-03-25 00:00:00
cvelist
cvelist
CVE-2017-6316
2017-07-20 04:00:00
zdt
zdt
Citrix CloudBridge - CAKEPHP Cookie Command Injection Vulnerability
2017-07-20 00:00:00
prion
prion
Design/Logic Flaw
2017-07-20 04:29:00
nessus
nessus
Citrix SD-WAN Cookie Command Injection
2019-01-25 00:00:00
nvd
nvd
CVE-2017-6316
2017-07-20 04:29:00
attackerkb
attackerkb
CVE-2017-6316
2017-07-20 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.962 High

EPSS

Percentile

99.5%

JSON
Related for CVE-2017-6316
dsquare2checkpoint_advisories1cisa_kev1cvelist1zdt1prion1nessus1nvd1attackerkb1