CVE-2020-14606

Name of the Vulnerable Software and Affected Versions Oracle SD-WAN Edge versions 8.2 through 9.0

Description The issue is related to insufficient access control in the User Interface component of the Oracle SD-WAN Edge product, allowing an unauthenticated attacker with network access via HTTP to compromise the system. Successful attacks can result in the takeover of Oracle SD-WAN Edge and may have significant impacts on additional products.

Recommendations For versions 8.2 and 9.0, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the User Interface component until a patch is available. Avoid using the HTTP protocol for sensitive operations in the affected product until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.