Citrix SD-WAN Bugs Allow Remote Code Execution

2020-11-16 20:20

Three security bugs in the Citrix software-defined-WAN platform would allow remote code-execution and network takeover, according to researchers.

The first vulnerability allows unauthenticated RCE with root privileges in Citrix SD-WAN Center, according to Citrix.

The Citrix SD-WAN infrastructure runs on Apache with CakePHP2 as the framework.

Last week, Realmode disclosed three remote code-execution security bugs in the Silver Peak Unity Orchestrator for SD-WAN. They can be chained together to allow network takeover by unauthenticated attackers.

Last December, a critical zero-day bug was found in various versions of its Citrix Application Delivery Controller and Citrix Gateway products that allowed appliance takeover and RCE, used in SD-WAN implementations.

News URL

https://threatpost.com/citrix-sd-wan-bugs-remote-code-execution/161274/

#citrix #codeexecution #sdwan #WAN

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Citrix		118	20	177	80	65	342