Critical Start discovers Security Vulnerability In VMware NSX SD-WAN By Velocloud

Critical Start announced that the company's Section 8 Penetration Testing Team discovered a security vulnerability in VMware NSX SD-WAN environments by Velocloud. This issue could affect a wide range of network devices including routers, switches, and firewalls, thereby exposing sensitive, network-based information to unauthorized access and use.

Critical Start is the cybersecurity integrator in North America and protects their customers with their end-to-end security services. Their portfolio includes services from security-readiness assessments using our proven framework, the Defendable Network, to the delivery of managed security services, professional services, and product fulfillment.

Critical Start stated that its Section 8 team followed responsible disclosure procedure by submitting the vulnerability to VMware's Security Response Center and waited for a patch to be released for the affected devices before publishing any information. The vulnerability was also disclosed independently to VMware by security researcher Brian Sullivan from Tevora.

Critical Start found an unauthenticated command injection vulnerability. It also alerted VMware's Security Response Center. In response, VMware released a patch to address this vulnerability. Remediation actions required for affected devices including updating to version 3.1.2. Details can be found in the VMware Security Advisory VMSA-2018-011.1.

https://www.vmware.com/security/advisories/VMSA-2018-0011.html

CEO at Critical Start,  Rob Davis said, "As networking equipment has increasingly become virtualized and software-defined, it has opened up new attack vectors for criminals and hackers to try and access the systems, data and assets of business of all sizes. A key part of our security services, the Section 8 PenTest team continues to identify new vulnerabilities and inform vendors of the discoveries so quick action can be taken to resolve the findings. We feel strongly that security is a team effort that requires the diligent efforts of many organizations and individuals working together across the industry."