thrunt.me Applied Cybernetics Group

March 25, 2022 · Applied Cybernetics Group

CVE-2017-6316 — Citrix NetScaler SD-WAN Enterprise, CloudBridge Virtual WAN, and XenMobile Server

Citrix Multiple Products Remote Code Execution Vulnerability

Added to KEV
2022-03-25
Federal due date
2022-04-15
Vendor
Citrix
Product
NetScaler SD-WAN Enterprise, CloudBridge Virtual WAN, and XenMobile Server
EPSS
99.5th percentile (score 0.879, as of 2026-06-08)
NVD CVSS v3.1
Ransomware use
Unknown
Upstream
https://nvd.nist.gov/vuln/detail/CVE-2017-6316

CISA short description

A vulnerability has been identified in the management interface of Citrix NetScaler SD-WAN Enterprise and Standard Edition and Citrix CloudBridge Virtual WAN Edition that could result in an unauthenticated, remote attacker being able to execute arbitrary code as a root user. This vulnerability also affects XenMobile Server.

Required action

Apply updates per vendor instructions.

EPSS percentile is the FIRST.org exploit-probability ranking as of the date noted above; it moves daily. CVSS reflects NVD's analysis at time of publication.