VMware SD-WAN Vulnerabilities Expose Enterprise Networks to Attacks (November 2020)
VMware on Wednesday patched a total of six vulnerabilities in its SD-WAN Orchestrator product, including flaws that can be chained by an attacker to steer traffic or shut down an enterprise network.
Three of the vulnerabilities were reported to VMware by Israel-based cybersecurity consulting firm Realmode Labs.
Ariel Tempelhof, co-founder and CEO of Realmode Labs, told SecurityWeek that some of the vulnerabilities they've found can be chained for unauthenticated remote code execution.
Exploitation of the SQL injection and path traversal vulnerabilities requires authentication, but the password-related flaw found by the company's researchers allows an attacker to satisfy that authentication requirement.
It's worth noting that Realmode Labs recently also found serious remote code execution vulnerabilities in Silver Peak's Unity Orchestrator and Citrix SD-WAN. The company has already published blog posts describing those findings and it will soon detail the VMware flaws as well.