Denis Kolegov is a security researcher and an associated professor in computer security at Tomsk State University. His research focuses on network security, web application security, access control, and covert communications. Prior to this, Denis was the Application Firewall team lead at Positive Technologies. He holds a PhD and associated professor degree in computer security. Denis has presented at different international security conferences including Area41, Zero Nights, Positive Hack Days, and SibeCrypt..
Oleg Broslavsky is a security enthusiast, PhD student at Tomsk State University, and member of the SiBears CTF team. He has given talks about aspects of web security and post-exploitation techniques at some practical security conferences (Positive Hack Days, ZeroNights), developer conferences (HighLoad++) and even academical ones (SibeCrypt).
[Abstract]
==========
Today, «SD-WAN» is a very hot and attractive topic. Software-defined WAN (SD-WAN) is a technology based on software-defined network (SDN) approach applied to wide area networks (WAN) in enterprise networks. According to Gartner’s predictions study, more than 50% of routers will be replaced with SD-WAN solutions by 2020.
In this presentation, we disclose a set of vulnerabilities in widespread and most popular SD-WAN products including Citrix NetScaler and Silver Peak EdgeConnect. We present the new results of our research, consider some technical details of the insecure design and found vulnerabilities, and describe different attack scenarios that may allow an attacker to compromise SD-WAN control and data planes.