VMware last week addressed six vulnerabilities (CVE-2020-3984, CVE-2020-3985, CVE-2020-4000, CVE-2020-4001, CVE-2020-4002, CVE-2020-4003) in its SD-WAN Orchestrator product, including some issues that can be chained by an attacker to hijack traffic or shut down an enterprise network.
The following vulnerabilities have been reported by Ariel Tempelhof of Realmode Labs, they can be chained by remote unauthenticated attackers to achieve remote code execution.
“SD-WAN Orchestrator ships with default passwords for predefined accounts which may lead to to a Pass-the-Hash attack.” reads the security advisory published by VMware. “The same salt is used in conjunction with the default password of predefined accounts on freshly installed systems allowing for for Pass-the-Hash-Attacks. That same system could be accessed by an attacker using the default password for the predefined account.”
The remaining flaws are:
(SecurityAffairs – hacking, VMware)