GradeZero Music Band

Friday, August 17, 2018

Silver Peak EdgeConnect < 8.1.7.x. multiple vulnerabilities

On SD-WAN vulnerabilities discussed here.

Silver Peak SD-WAN solutions enable distributed enterprises to build a better WAN, securely connecting users to applications without compromising application performance.

https://www.silver-peak.com/sd-wan



Version: 8.1.4.9_65644
Kernel: Linux silverpeak-094976 2.6.38.6-rc1 #1 VXOA 8.1.4.9_65644 SMP
Fixed in Silver Peak version 8.1.6.x - 8.1.7.x


Credits: SD WAN New Hop team



Vulnerabilities
  • Brute-Force Password Attack
  • Version Leakage
  • REST API CSRF
  • Slow HTTP DoS Attacks on Web Interface
  • Information Leakage via Node REST
  • Default SNMP Community
  • Administrative CLI backdoor
  • Reflected XSS via Download Backup Files functionality of Backup/Restore
  • Path Traversal via Backup/Restore

Details

Enjoy

No comments:

Post a Comment