Message-ID: <CAJ+7+cB3XAy9L3kS2ZXqyjNXuwBTa1w8xOD9RvqxkjHbAg-D-A@mail.gmail.com>
Date: Fri, 17 Aug 2018 13:42:00 +0400
From: SCADA StrangeLove <scadastrangelove@...il.com>
To: full-disclosure@...ts.grok.org.uk, fulldisclosure@...lists.org
Subject: [FD] Silver Peak EdgeConnect < 8.1.7.x. multiple vulnerabilities

Silver Peak EdgeConnect < 8.1.7.x. multiple vulnerabilities

Traceback:
http://www.scada.sl/2018/08/silver-peak-edgeconnect-817x-multiple.html

Silver Peak SD-WAN solutions enable distributed enterprises to build a
better WAN, securely connecting users to applications without compromising
application performance.
https://www.silver-peak.com/sd-wan

Version: 8.1.4.9_65644
Kernel: Linux silverpeak-094976 2.6.38.6-rc1 #1 VXOA 8.1.4.9_65644 SMP

Fixed in Silver Peak version 8.1.6.x - 8.1.7.x

Vulnerabilities

Brute-Force Password Attack
Version Leakage
REST API CSRF
Slow HTTP DoS Attacks on Web Interface
Information Leakage via Node REST
Default SNMP Community
Administrative CLI backdoor
Reflected XSS via Download Backup Files functionality of Backup/Restore
Path Traversal via Backup/Restore

Details
https://github.com/sdnewhop/sdwannewhope/blob/master/Silverpeak%20EdgeConnect%20Multiple%20Vulnerabilities%20-%20032018.pdf

More to come
http://www.scada.sl/2018/08/sd-wan-updates.html

Credits:
SD-WAN New Hop team
https://github.com/sdnewhop/sdwannewhope

Sergey Gordeychick
Denis Kolegov
Maxim Gorbunov
Nikolay Tkachenko
Nikita Oleksov
Oleg Broslavsky
Antony Nikolaev

Enjoy

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/