Critical severity9.8CISA KEVNVD Advisory· Published Jul 20, 2017· Updated Apr 21, 2026

CVE-2017-6316

Description

Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID.

Affected products

Citrix Systems/Netscaler Sd Wan
cpe:2.3:a:citrix:netscaler_sd-wan:*:*:*:*:*:*:*:*
Range: <=9.1.2.26.561201

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/42345/nvdExploitThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/99943nvdBroken LinkThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1039019nvdBroken LinkThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/42346/nvdThird Party AdvisoryVDB Entry
support.citrix.com/article/CTX225990nvdPermissions Required
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.070
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.000