Critical Start discovers Security Vulnerability In VMware NSX SD-WAN By Velocloud

Critical Start discovers Security Vulnerability In VMware NSX SD-WAN By Velocloud

Critical Start announced that the company's Section 8 Penetration Testing Team discovered a security vulnerability in VMware NSX SD-WAN environments by Velocloud. This issue could affect a wide range of network devices including routers, switches, and firewalls, thereby exposing sensitive, network-based information to unauthorized access and use.

Critical Start is the cybersecurity integrator in North America and protects their customers with their end-to-end security services. Their portfolio includes services from security-readiness assessments using our proven framework, the Defendable Network, to the delivery of managed security services, professional services, and product fulfillment.

Critical Start stated that its Section 8 team followed responsible disclosure procedure by submitting the vulnerability to VMware's Security Response Center and waited for a patch to be released for the affected devices before publishing any information. The vulnerability was also disclosed independently to VMware by security researcher Brian Sullivan from Tevora.

Critical Start found an unauthenticated command injection vulnerability. It also alerted VMware's Security Response Center. In response, VMware released a patch to address this vulnerability. Remediation actions required for affected devices including updating to version 3.1.2. Details can be found in the VMware Security Advisory VMSA-2018-011.1.

CEO at Critical Start,  Rob Davis said, "As networking equipment has increasingly become virtualized and software-defined, it has opened up new attack vectors for criminals and hackers to try and access the systems, data and assets of business of all sizes. A key part of our security services, the Section 8 PenTest team continues to identify new vulnerabilities and inform vendors of the discoveries so quick action can be taken to resolve the findings. We feel strongly that security is a team effort that requires the diligent efforts of many organizations and individuals working together across the industry."

More detailed information is available in a recent blog post from Critical Start, which includes links to resources for reporting and patching.

Critical Start blog post explains more details on this security vulnerability.

Note: We at TechSutram take our ethics very seriously. More information about it can be found here.
Mandar Pise Opinions expressed by techsutram contributors are their own. More details

Mandar is a seasoned software professional for more than a decade. He is Cloud, AI, IoT, Blockchain and Fintech enthusiast. He writes to benefit others from his experiences. His overall goal is to help people learn about the Cloud, AI, IoT, Blockchain and Fintech and the effects they will have economically and socially in the future.

No comments:

Post a Comment

    Your valuable comments are welcome. (Moderated)