Security News > 2020 > November > SD-WAN Product Vulnerabilities Allow Hackers to Steer Traffic, Shut Down Networks
Researchers at cybersecurity consulting firm Realmode Labs have identified vulnerabilities in SD-WAN products from Silver Peak, Cisco, Citrix and VMware, including potentially serious flaws that can be exploited to steer traffic or completely shut down an organization's network.
Realmode Labs has published four blog posts this month describing the vulnerabilities found by Ariel Tempelhof and Yaar Hahn in SD-WAN solutions from VMware, Cisco, Citrix and Silver Peak, which HP acquired earlier this year.
Tempelhof told SecurityWeek that the details of the vulnerabilities were disclosed after each of the impacted vendors released patches within 90 days.
The security holes found in VMware's SD-WAN Orchestrator product can also allow remote code execution.
"Gaining unrestricted access to this allows the attacker to set the way traffic is being routed in the international network of the company. This may lead to traffic steering or even complete shutdown of the company's network."