Citrix SD-WAN Bugs Allow Remote Code Execution
2020-11-16 20:20

Three security bugs in the Citrix software-defined WAN (SD-WAN) platform would allow remote code execution and network takeover, according to researchers.

The first vulnerability allows unauthenticated RCE with root privileges in Citrix SD-WAN Center, according to Citrix.

The Citrix SD-WAN infrastructure runs on Apache with CakePHP2 as the framework.

Last week, Realmode disclosed three remote code-execution security bugs in the Silver Peak Unity Orchestrator for SD-WAN. They can be chained together to allow network takeover by unauthenticated attackers.

Last December, a critical zero-day bug was found in various versions of Citrix's Application Delivery Controller and Citrix Gateway products, which are used in SD-WAN implementations. The bug allowed appliance takeover and RCE.


News URL

https://threatpost.com/citrix-sd-wan-bugs-remote-code-execution/161274/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Citrix 119 20 183 81 65 349