Security News > 2020 > November > Citrix SD-WAN Bugs Allow Remote Code Execution
Three security bugs in the Citrix software-defined-WAN platform would allow remote code-execution and network takeover, according to researchers.
The first vulnerability allows unauthenticated RCE with root privileges in Citrix SD-WAN Center, according to Citrix.
The Citrix SD-WAN infrastructure runs on Apache with CakePHP2 as the framework.
Last week, Realmode disclosed three remote code-execution security bugs in the Silver Peak Unity Orchestrator for SD-WAN. They can be chained together to allow network takeover by unauthenticated attackers.
Last December, a critical zero-day bug was found in various versions of its Citrix Application Delivery Controller and Citrix Gateway products that allowed appliance takeover and RCE, used in SD-WAN implementations.
News URL
https://threatpost.com/citrix-sd-wan-bugs-remote-code-execution/161274/