Citrix recently issued a patch for three critical vulnerabilities in its SD-WAN Center software that allow for unauthenticated Remote Code Execution (RCE) with root privileges. The first vuln patched, CVE-2020-8271, is identified as a “Path Traversal” vulnerability, and the only precondition required to trigger it is that the attacker can communicate with SD-WAN Center’s Management IP. The next vuln patched, CVE-2020-8272, allows attackers to bypass SD-WAN authentication, leading to exposure of SD-WAN functionality. The third and final vulnerability patched, CVE-2020-8273, allows an authenticated user to escalate privileges to root.