{"id":35405,"date":"2023-05-15T19:33:33","date_gmt":"2023-05-15T19:33:33","guid":{"rendered":"https:\/\/zpesystems.com\/?p=35405"},"modified":"2024-08-12T11:33:27","modified_gmt":"2024-08-12T18:33:27","slug":"defusing-cisco-sd-wan-time-bomb-requires-out-of-band-access","status":"publish","type":"post","link":"https:\/\/zpesystems.com\/defusing-cisco-sd-wan-time-bomb-requires-out-of-band-access\/","title":{"rendered":"Defusing Cisco SD-WAN Time-bomb requires out-of-band access"},"content":{"rendered":"

[et_pb_section fb_built=”1″ admin_label=”section” _builder_version=”4.16″ custom_margin=”0px||||false|false” custom_padding=”0px||||false|false” da_disable_devices=”off|off|off” global_colors_info=”{}” da_is_popup=”off” da_exit_intent=”off” da_has_close=”on” da_alt_close=”off” da_dark_close=”off” da_not_modal=”on” da_is_singular=”off” da_with_loader=”off” da_has_shadow=”on”][et_pb_row admin_label=”row” _builder_version=”4.17.5″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” width=”100%” custom_padding=”0px||1px||false|false” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.16″ custom_padding=”|||” global_colors_info=”{}” custom_padding__hover=”|||”][et_pb_text _builder_version=”4.21.0″ _module_preset=”default” header_3_text_color=”#214C64″ header_4_text_color=”#358AAF” global_colors_info=”{}”]Viptela SD-WAN devices are used at large enterprise branches all around the world. The success of SD-WAN replaced dedicated service provider managed MPLS with customer managed boxes that used commodity internet connectivity giving more options and power to leadership and engineering. It solved the single-point-of-failure issues with Internet connectivity and using overlay networking, created a secure WAN topology never thought possible with commodity Internet connectivity. The unsolved issue is the platform itself. Viptela SD-WAN vEdge devices like many others have a fatal flaw in built-in encryption and authentication. The issue reared its head on May 9th 2023. The boxes shipped with a 10 year root certificate that was created in 2013. The flaw, designed 10 years ago, is that the certificate is a single point of failure to ensure the platform can\u2019t be trusted to form encrypted connections any longer after the certificate expires. This flaw takes down the entire control plane of the platform which in turn takes down the entire dataplane for all user traffic. [\/et_pb_text][et_pb_text _builder_version=”4.21.0″ _module_preset=”default” global_colors_info=”{}”]<\/p>\n

\n

We are actively working to address an issue impacting a number of Viptela SD-WAN platforms. <\/p>\n

\u2014 Cisco (@Cisco) May 10, 2023<\/a>\n<\/p><\/blockquote>\n