VMware patches security flaws leading to RCE in SD-WAN Orchestrator

Source: https://portswigger.net

VMware has fixed vulnerabilities in its VeloCloud SD-WAN Orchestrator that, chained together, can lead to unauthenticated remote code execution (RCE). Researchers from Realmode Labs combined authentication bypass, SQL injection, and directory traversal vulnerabilities to leave arbitrary JavaScript running in Node.js. The revelation marks the conclusion of a blog series documenting potentially calamitous RCE chains in four SD-WAN products from major vendors. Centrally controlling an enterprise’s network topology, SD-WAN (Software-defined Wide Area Network) products represent “a crucial single point of
