Tenable

JULY 11, 2019

Tenable Research has discovered multiple critical vulnerabilities in both Citrix SD-WAN Center and the SD-WAN appliance itself that could allow a remote, unauthenticated attacker to compromise the underlying operating systems of each. In the SD-WAN appliance, an unauthenticated SQL injection can be used to bypass authentication.

WAN 40

WAN Authentication Research Operating System 40

Tenable

JULY 22, 2020

CVE-2019-18935. CVE-2019-19781. CVE-2019-0604. Telerik UI for ASP.NET AJAX CVE-2019-18935 is an insecure deserialization vulnerability in Telerik UI , a tool to build forms for apps in ASP.NET AJAX. Researchers at BishopFox published a blog post in December 2019 on CVE-2019-18935.

WAN 96

WAN Software Review Authentication Government 96

Tenable

AUGUST 5, 2021

While both flaws exist due to improper validation of HTTP requests and can be exploited by sending specially crafted HTTP requests, CVE-2021-1610 can only be exploited by an authenticated attacker with root privileges. In January 2019, Cisco published advisories for two different vulnerabilities in its RV320 and RV325 WAN VPN routers.

Small Business 145

Small Business Software Review WAN Wireless 145

Tenable

OCTOBER 12, 2020

CVE-2019-11510. CVE-2019-19781. This blog post was published on October 12 and reflects VPR at that time. It was patched by Fortinet in April 2019. However, it wasn’t until after exploitation details were made public in August 2019 that reports emerged of attackers exploiting it in the wild. CVE-2019-11510.

WAN 115

WAN Authentication Government Network 115

Tenable

OCTOBER 7, 2022

CVE-2019-11510. CVE-2019-19781. Citrix ADC, Gateway and SD-WAN WANOP Path Traversal Vulnerability. Zoho ManageEngine ADSelfService Plus Improper Authentication Vulnerability. F5 BIG-IP iControl REST Authentication Bypass Vulnerability. F5 BIG-IP iControl REST Authentication Bypass Vulnerability. Description.

WAN 52

WAN Software Review Authentication Systems Review 52

Tenable

SEPTEMBER 17, 2020

The table below contains the list of vulnerabilities mentioned in both alerts (with the exception of CVE-2019-11539, which appears only in AA20-259A): CVE. CVE-2019-11510. April 2019. CVE-2019-11539. April 2019. CVE-2019-19781. This blog post was published on September 17 and reflects VPR at that time.

Software Review 102

Software Review Authentication Research Government 102

Tenable

FEBRUARY 4, 2021

Look for anomalous requests to: /cgi-bin/management That do not also have a preliminary request to: /__api__/v1/logon (200) /__api__/v1/logon/ /authenticate Indicating auth bypass. Both CVE-2020-5902 and CVE-2019-19781 are two of the Top 5 Vulnerabilities we highlighted in our 2020 Threat Landscape Retrospective report.

Mobile 53

Mobile Authentication Technical Review WAN 53