Researchers from Realmode Lab, a cybersecurity consulting organization, have identified liabilities in SD-WAN solutions from Cisco, Silver Peak, VMware, and Citrix. These include possibly critical flaws that can be easily manipulated to redirect traffic or completely disrupt an organization’s corporate network. The details regarding the liabilities were announced immediately after each affected vendor released patches in less than 90 days.
The security vulnerabilities will potentially allow remote code execution; the list includes path traversal, file inclusion weaknesses, backdoor, and SQL injection. Researchers believe that such liabilities arose as the solutions were developed by small firms that aren’t security-focused; prominent organizations later on acquired these.