Tenable

APRIL 11, 2019

Tenable Research has discovered a critical vulnerability in Citrix SD-WAN Center that could lead to remote code execution. On April 10, Citrix released a security bulletin for CVE-2019-10883, an operating system (OS) command injection vulnerability in Citrix SD-WAN Center 10.2.x and NetScaler SD-WAN Center 10.0.x

WAN 42

WAN Software Review Systems Review Research 42

Tenable

APRIL 27, 2020

According to Sophos, they were able to identify “an attack against physical and virtual XG Firewall units” after reviewing the report of a “suspicious field value” in the XG Firewall’s management interface. All versions (physical and virtual) of XG Firewall firmware are affected by this vulnerability. Fixed Versions.

Firewall 101

Firewall WAN Operating System Systems Review 101

Tenable

OCTOBER 7, 2022

Citrix ADC, Gateway and SD-WAN WANOP Path Traversal Vulnerability. Zoho ManageEngine ADSelfService Plus Improper Authentication Vulnerability. F5 BIG-IP iControl REST Authentication Bypass Vulnerability. F5 BIG-IP iControl REST Authentication Bypass Vulnerability. Identifying affected systems. CVE-2019-11510.

WAN 52

WAN Software Review Authentication Systems Review 52

Tenable

JULY 15, 2020

The following is the full list of product families with vulnerabilities addressed in this month’s release along with the number of patches released and vulnerabilities that are remotely exploitable without authentication. Oracle Virtualization. Oracle Systems. Identifying affected systems. Oracle Product Family.

WAN 59

WAN Systems Review Applications Construction 59

Tenable

FEBRUARY 4, 2021

On January 22, SonicWall published a product notification regarding a “coordinated attack on its internal systems” conducted by “highly sophisticated threat actors.” Warren specifically suggested reviewing log files to identify “anomalous requests” to the vulnerable device. Virtual (Azure, AWS, ESXi, HyperV). Background.

Mobile 53

Mobile Authentication Technical Review WAN 53

Ivanti

JUNE 20, 2023

The National Institute of Standards and Technology (NIST) defines zero trust as follows: “A collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions in information systems and services in the face of a network viewed as compromised.”

Software Review 92

Software Review Policies Weak Development Team Technical Review 92

Tenable

SEPTEMBER 17, 2020

CISA reports that foreign threat actors in China and Iran are exploiting flaws in Pulse Connect Secure, a popular commercial virtual private network (VPN) solution. Vulnerability in Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance. Identifying affected systems. CVE-2020-0688.

Software Review 102

Software Review Authentication Research Government 102