| ID |
CVE-2017-6316
|
| Summary |
Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:citrix:netscaler_sd-wan:-:*:*:*:*:*:*:*
cpe:2.3:a:citrix:netscaler_sd-wan:-:*:*:*:*:*:*:*
-
cpe:2.3:a:citrix:netscaler_sd-wan:7.4.6:*:*:*:*:*:*:*
cpe:2.3:a:citrix:netscaler_sd-wan:7.4.6:*:*:*:*:*:*:*
-
cpe:2.3:a:citrix:netscaler_sd-wan:9.0.0:*:*:*:*:*:*:*
cpe:2.3:a:citrix:netscaler_sd-wan:9.0.0:*:*:*:*:*:*:*
-
cpe:2.3:a:citrix:netscaler_sd-wan:9.0.1:*:*:*:*:*:*:*
cpe:2.3:a:citrix:netscaler_sd-wan:9.0.1:*:*:*:*:*:*:*
-
cpe:2.3:a:citrix:netscaler_sd-wan:9.1.0:*:*:*:*:*:*:*
cpe:2.3:a:citrix:netscaler_sd-wan:9.1.0:*:*:*:*:*:*:*
-
cpe:2.3:a:citrix:netscaler_sd-wan:9.1.1:*:*:*:*:*:*:*
cpe:2.3:a:citrix:netscaler_sd-wan:9.1.1:*:*:*:*:*:*:*
-
cpe:2.3:a:citrix:netscaler_sd-wan:9.1.2:*:*:*:*:*:*:*
cpe:2.3:a:citrix:netscaler_sd-wan:9.1.2:*:*:*:*:*:*:*
-
cpe:2.3:a:citrix:netscaler_sd-wan:9.1.2.26.561201:*:*:*:*:*:*:*
cpe:2.3:a:citrix:netscaler_sd-wan:9.1.2.26.561201:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 10.0 (as of 16-07-2024 - 17:58) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-noinfo |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
| d2sec
via4
|
|
| refmap
via4
|
|
| Last major update |
16-07-2024 - 17:58 |
| Published |
20-07-2017 - 04:29 |
| Last modified |
16-07-2024 - 17:58 |
