Author: Digital Defense / Source: Information Security Buzz
San Antonio, TX. Digital Defense, Inc., a leading provider of Vulnerability Management as a Service (VMaaS™), disclosed the discovery of four zero-day security vulnerabilities found in the Riverbed Technology SteelCentral Portal version 1.3.1 and 1.4.0. The vulnerabilities are critical in nature due to the ability of a cybercriminal to exploit these issues to gain access to the performance monitoring platform and retrieve confidential data. Riverbed has collaborated closely with Digital Defense and addressed these vulnerabilities.
About the Vulnerabilities
Digital Defense Vulnerability Research Team (VRT) detected the previously unknown vulnerabilities while developing new audit modules for its patented vulnerability scanning technology.
Two unauthenticated remote code execution vulnerabilities would allow an attacker to run arbitrary code with SYSTEM privileges and fully compromise the host running the SteelCentral Portal application. Compromise of the portal application would allow for credentials of…