Silver Peak EdgeConnect < 8.1.7.x. multiple vulnerabilities Traceback: http://www.scada.sl/2018/08/silver-peak-edgeconnect-817x-multiple.html
Silver Peak SD-WAN solutions enable distributed enterprises to build a better WAN, securely connecting users to applications without compromising application performance. https://www.silver-peak.com/sd-wan Version: 8.1.4.9_65644 Kernel: Linux silverpeak-094976 2.6.38.6-rc1 #1 VXOA 8.1.4.9_65644 SMP Fixed in Silver Peak version 8.1.6.x - 8.1.7.x Vulnerabilities Brute-Force Password Attack Version Leakage REST API CSRF Slow HTTP DoS Attacks on Web Interface Information Leakage via Node REST Default SNMP Community Administrative CLI backdoor Reflected XSS via Download Backup Files functionality of Backup/Restore Path Traversal via Backup/Restore Details https://github.com/sdnewhop/sdwannewhope/blob/master/Silverpeak%20EdgeConnect%20Multiple%20Vulnerabilities%20-%20032018.pdf More to come http://www.scada.sl/2018/08/sd-wan-updates.html Credits: SD-WAN New Hop team https://github.com/sdnewhop/sdwannewhope Sergey Gordeychick Denis Kolegov Maxim Gorbunov Nikolay Tkachenko Nikita Oleksov Oleg Broslavsky Antony Nikolaev Enjoy _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/