Recently, Citrix has issued a patch for three critical vulnerabilities in its SD-WAN Center software that allow for unauthenticated Remote Code Execution (RCE) with root privileges. The first vuln patched, CVE-2020-8271 is identified as a “Path Traversal” vulnerability, and the only pre-conditions required to trigger is that the attacker can communicate with SD-WAN Center’s Management IP. The next vuln patched, CVE-2020-8272 allows attackers to bypass SD-WAN authentication, leading to an exposure of SD-WAN functionality. The third and final vulnerability patched, CVE-2020-8273, allows an authenticated user to escalate privileges to root.
Watch the Video
How does Binary Defense help protect your organization? With best in breed cybersecurity tactics, techniques, and services, we make sure that your environment is secure against the most advanced attacks.