CVE-2017-6316

Name of the Vulnerable Software and Affected Versions Citrix NetScaler SD-WAN devices through v9.1.2.26.561201

Description The issue exists due to insufficient input validation in the management interface component of Citrix NetScaler SD-WAN. This allows a remote attacker to execute arbitrary shell commands with root privileges by using a CGISESSID cookie. On CloudBridge devices, which were formerly known as NetScaler SD-WAN, the cookie name used was CAKEPHP instead of CGISESSID.

Recommendations For Citrix NetScaler SD-WAN devices through v9.1.2.26.561201, consider disabling the use of CGISESSID cookies or restricting access to the management interface as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.