PT-2020-17825 · Riverbed · Sd-Wan Orchestrator

Published 2020-11-24 · Updated 2021-07-21 · CVE-2020-4001

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SD-WAN Orchestrator versions 3.3.2, 3.4.x, and 4.0.x

Description

The SD-WAN Orchestrator has default passwords for predefined accounts, which may lead to a Pass-the-Hash attack. The default passwords allow unauthorized access, potentially compromising the security of the system.

Recommendations

For SD-WAN Orchestrator versions 3.3.2, 3.4.x, and 4.0.x, update the default passwords for predefined accounts to unique and secure passwords.


Weakness Enumeration

Related Identifiers

CVE-2020-4001

Affected Products

Sd-Wan Orchestrator