PLANO, Texas, July 23, 2018 /PRNewswire/ -- Critical Start, a leading provider of cybersecurity solutions, today announced that the company's Section 8 Penetration Testing Team discovered a security vulnerability in VMware NSX SD-WAN environments by Velocloud. This issue could affect a wide range of network devices including routers, switches and firewalls, thereby exposing sensitive, network-based information to unauthorized access and use.
Critical Start found an unauthenticated command injection vulnerability and alerted VMware's Security Response Center. VMware promptly released a patch to address the vulnerability. More detailed information is available in a recent blog post from Critical Start, which includes links to resources for reporting and patching.
Critical Start's Section 8 team followed responsible disclosure procedure by submitting the vulnerability to VMware's Security Response Center and waited for a patch to be released for the affected devices before publishing any information. The vulnerability was also disclosed independently to VMware by security researcher Brian Sullivan from Tevora.
"As networking equipment has increasingly become virtualized and software-defined, it has opened up new attack vectors for criminals and hackers to try and access the systems, data and assets of business of all sizes," said Rob Davis, CEO at Critical Start. "A key part of our security services, the Section 8 PenTest team continues to identify new vulnerabilities and inform vendors of the discoveries so quick action can be taken to resolve the findings. We feel strongly that security is a team effort that requires the diligent efforts of many organizations and individuals working together across the industry."
About Critical Start
Critical Start is the fastest-growing cybersecurity integrator in North America. Our mission is simple: protect our customers' brands and reduce their business risk. We do this for organizations of all sizes through our award-winning portfolio of end-to-end security services – from security-readiness assessments using our proven framework, the Defendable Network, to the delivery of managed security services, professional services, and product fulfillment. Critical Start has been named to the CRN 2018 Tech Elite 250 and top 100 Security MSPs lists. Visit www.criticalstart.com for more information.
SOURCE Critical Start