Lucene search

Silver PeakCVE-2020-12142

HistoryMay 05, 2020 - 8:15 p.m.

CVE-2020-12142

2020-05-0520:15:12

CWE-668

Silver Peak

web.nvd.nist.gov

cve-2020-12142

ipsec

udp

key material

retrieval

vulnerability

edgeconnect

admin credentials

in-flight communication

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

28.4%

JSON

IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requires administrative access and shell access to the EdgeConnect appliance. An admin user can access IPSec seed and nonce parameters using the CLI, REST APIs, and the Linux shell.

Affected configurations

Nvd

Node

silver-peakunity_edgeconnect_for_amazon_web_servicesMatch-

silver-peakunity_edgeconnect_for_azureMatch-

silver-peakunity_edgeconnect_for_google_cloud_platformMatch-

silver-peakunity_orchestratorRange<8.9.2

Node

arubanetworksvx-500Match-

AND

silver-peakvx-500_firmwareMatch-

Node

arubanetworksvx-1000Match-

AND

silver-peakvx-1000_firmwareMatch-

Node

arubanetworksvx-2000Match-

AND

silver-peakvx-2000_firmwareMatch-

Node

arubanetworksvx-3000Match-

AND

silver-peakvx-3000_firmwareMatch-

Node

arubanetworksvx-5000Match-

AND

silver-peakvx-5000_firmwareMatch-

Node

arubanetworksvx-6000Match-

AND

silver-peakvx-6000_firmwareMatch-

Node

arubanetworksvx-7000Match-

AND

silver-peakvx-7000_firmwareMatch-

Node

arubanetworksvx-9000Match-

AND

silver-peakvx-9000_firmwareMatch-

Node

silver-peakvx-8000_firmwareMatch-

AND

arubanetworksvx-8000Match-

Node

silver-peaknx-700_firmwareMatch-

AND

arubanetworksnx-700Match-

Node

silver-peaknx-1000_firmwareMatch-

AND

arubanetworksnx-1000Match-

Node

silver-peaknx-2000_firmwareMatch-

AND

arubanetworksnx-2000Match-

Node

silver-peaknx-3000_firmwareMatch-

AND

arubanetworksnx-3000Match-

Node

silver-peaknx-5000_firmwareMatch-

AND

arubanetworksnx-5000Match-

Node

silver-peaknx-6000_firmwareMatch-

AND

arubanetworksnx-6000Match-

Node

silver-peaknx-7000_firmwareMatch-

AND

arubanetworksnx-7000Match-

Node

silver-peaknx-8000_firmwareMatch-

AND

arubanetworksnx-8000Match-

Node

silver-peaknx-9000_firmwareMatch-

AND

arubanetworksnx-9000Match-

Node

silver-peaknx-10k_firmwareMatch-

AND

arubanetworksnx-10kMatch-

Node

silver-peaknx-11k_firmwareMatch-

AND

arubanetworksnx-11kMatch-

VendorProductVersionCPE
silver-peakunity_edgeconnect_for_amazon_web_services-cpe:2.3:a:silver-peak:unity_edgeconnect_for_amazon_web_services:-:*:*:*:*:*:*:*
silver-peakunity_edgeconnect_for_azure-cpe:2.3:a:silver-peak:unity_edgeconnect_for_azure:-:*:*:*:*:*:*:*
silver-peakunity_edgeconnect_for_google_cloud_platform-cpe:2.3:a:silver-peak:unity_edgeconnect_for_google_cloud_platform:-:*:*:*:*:*:*:*
silver-peakunity_orchestrator*cpe:2.3:a:silver-peak:unity_orchestrator:*:*:*:*:*:*:*:*
arubanetworksvx-500-cpe:2.3:h:arubanetworks:vx-500:-:*:*:*:*:*:*:*
silver-peakvx-500_firmware-cpe:2.3:o:silver-peak:vx-500_firmware:-:*:*:*:*:*:*:*
arubanetworksvx-1000-cpe:2.3:h:arubanetworks:vx-1000:-:*:*:*:*:*:*:*
silver-peakvx-1000_firmware-cpe:2.3:o:silver-peak:vx-1000_firmware:-:*:*:*:*:*:*:*
arubanetworksvx-2000-cpe:2.3:h:arubanetworks:vx-2000:-:*:*:*:*:*:*:*
silver-peakvx-2000_firmware-cpe:2.3:o:silver-peak:vx-2000_firmware:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
silver-peak	unity_edgeconnect_for_amazon_web_services	-	cpe:2.3:a:silver-peak:unity_edgeconnect_for_amazon_web_services:-:::::::*
silver-peak	unity_edgeconnect_for_azure	-	cpe:2.3:a:silver-peak:unity_edgeconnect_for_azure:-:::::::*
silver-peak	unity_edgeconnect_for_google_cloud_platform	-	cpe:2.3:a:silver-peak:unity_edgeconnect_for_google_cloud_platform:-:::::::*
silver-peak	unity_orchestrator	*	cpe:2.3:a:silver-peak:unity_orchestrator::::::::
arubanetworks	vx-500	-	cpe:2.3:h:arubanetworks:vx-500:-:::::::*
silver-peak	vx-500_firmware	-	cpe:2.3:o:silver-peak:vx-500_firmware:-:::::::*
arubanetworks	vx-1000	-	cpe:2.3:h:arubanetworks:vx-1000:-:::::::*
silver-peak	vx-1000_firmware	-	cpe:2.3:o:silver-peak:vx-1000_firmware:-:::::::*
arubanetworks	vx-2000	-	cpe:2.3:h:arubanetworks:vx-2000:-:::::::*
silver-peak	vx-2000_firmware	-	cpe:2.3:o:silver-peak:vx-2000_firmware:-:::::::*

Rows per page:

1-10 of 441

CNA Affected

[
  {
    "product": "1. Unity EdgeConnect, NX, VX 2. Unity Orchestrator,   3. EdgeConnect in AWS, Azure, GCP  ",
    "vendor": "Silver Peak Systems, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "All versions affected prior to Silver Peak Unity ECOS™ 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator™ 8.9.2+ "
      }
    ]
  }
]

References

www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_ipsec_udp_key_material-cve_2020_12142.pdf

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

28.4%

JSON

Related for CVE-2020-12142