Vulnerabilities > CVE-2017-6316 - Unspecified vulnerability in Citrix Netscaler Sd-Wan
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 8 |
D2sec
name Citrix CloudBridge RCE url http://www.d2sec.com/exploits/citrix_cloudbridge_rce.html name Citrix NetScaler SD-WAN RCE url http://www.d2sec.com/exploits/citrix_netscaler_sd-wan_rce.html
Exploit-Db
description Citrix CloudBridge - 'CAKEPHP' Cookie Command Injection. CVE-2017-6316. Webapps exploit for CGI platform file exploits/cgi/webapps/42346.txt id EDB-ID:42346 last seen 2017-07-19 modified 2017-07-19 platform cgi port published 2017-07-19 reporter Exploit-DB source https://www.exploit-db.com/download/42346/ title Citrix CloudBridge - 'CAKEPHP' Cookie Command Injection type webapps description Netscaler SD-WAN 9.1.2.26.561201 - Command Injection (Metasploit). CVE-2017-6316. Webapps exploit for CGI platform file exploits/cgi/webapps/42345.rb id EDB-ID:42345 last seen 2017-07-19 modified 2017-07-19 platform cgi port published 2017-07-19 reporter Exploit-DB source https://www.exploit-db.com/download/42345/ title Netscaler SD-WAN 9.1.2.26.561201 - Command Injection (Metasploit) type webapps
Nessus
NASL family | CGI abuses |
NASL id | CITRIX_SDWAN_COOKIE_CMD_INJECTION.NASL |
description | The remote Citrix SD-WAN appliance is affected by a remote command injection vulnerability due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted cookie in an HTTP request, to execute arbitrary commands on the appliance. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 121386 |
published | 2019-01-25 |
reporter | This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/121386 |
title | Citrix SD-WAN Cookie Command Injection |
code |
|
References
- http://www.securityfocus.com/bid/99943
- http://www.securityfocus.com/bid/99943
- http://www.securitytracker.com/id/1039019
- http://www.securitytracker.com/id/1039019
- https://support.citrix.com/article/CTX225990
- https://support.citrix.com/article/CTX225990
- https://www.exploit-db.com/exploits/42345/
- https://www.exploit-db.com/exploits/42345/
- https://www.exploit-db.com/exploits/42346/
- https://www.exploit-db.com/exploits/42346/