Lucene search

Silver PeakCVE-2020-12144

HistoryMay 05, 2020 - 8:15 p.m.

CVE-2020-12144

2020-05-0520:15:12

CWE-295

Silver Peak

web.nvd.nist.gov

cve-2020-12144

silver peak

cloud portal

edgeconnect

certificate

unvalidated

tls connection

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. This makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted portal.

Affected configurations

Nvd

Node

silver-peakunity_edgeconnect_for_amazon_web_servicesMatch-

silver-peakunity_edgeconnect_for_azureMatch-

silver-peakunity_edgeconnect_for_google_cloud_platformMatch-

silver-peakunity_orchestratorRange<8.9.2

Node

silver-peakvx-500_firmwareMatch-

AND

arubanetworksvx-500Match-

Node

silver-peakvx-1000_firmwareMatch-

AND

arubanetworksvx-1000Match-

Node

silver-peakvx-2000_firmwareMatch-

AND

arubanetworksvx-2000Match-

Node

silver-peakvx-3000_firmwareMatch-

AND

arubanetworksvx-3000Match-

Node

silver-peakvx-5000_firmwareMatch-

AND

arubanetworksvx-5000Match-

Node

silver-peakvx-6000_firmwareMatch-

AND

arubanetworksvx-6000Match-

Node

silver-peakvx-7000_firmwareMatch-

AND

arubanetworksvx-7000Match-

Node

silver-peakvx-9000_firmwareMatch-

AND

arubanetworksvx-9000Match-

Node

silver-peakvx-8000_firmwareMatch-

AND

arubanetworksvx-8000Match-

Node

silver-peaknx-700_firmwareMatch-

AND

arubanetworksnx-700Match-

Node

silver-peaknx-1000_firmwareMatch-

AND

arubanetworksnx-1000Match-

Node

silver-peaknx-2000_firmwareMatch-

AND

arubanetworksnx-2000Match-

Node

silver-peaknx-3000_firmwareMatch-

AND

arubanetworksnx-3000Match-

Node

silver-peaknx-5000_firmwareMatch-

AND

arubanetworksnx-5000Match-

Node

silver-peaknx-6000_firmwareMatch-

AND

arubanetworksnx-6000Match-

Node

silver-peaknx-7000_firmwareMatch-

AND

arubanetworksnx-7000Match-

Node

silver-peaknx-8000_firmwareMatch-

AND

arubanetworksnx-8000Match-

Node

silver-peaknx-9000_firmwareMatch-

AND

arubanetworksnx-9000Match-

Node

silver-peaknx-10k_firmwareMatch-

AND

arubanetworksnx-10kMatch-

Node

silver-peaknx-11k_firmwareMatch-

AND

arubanetworksnx-11kMatch-

VendorProductVersionCPE
silver-peakunity_edgeconnect_for_amazon_web_services-cpe:2.3:a:silver-peak:unity_edgeconnect_for_amazon_web_services:-:*:*:*:*:*:*:*
silver-peakunity_edgeconnect_for_azure-cpe:2.3:a:silver-peak:unity_edgeconnect_for_azure:-:*:*:*:*:*:*:*
silver-peakunity_edgeconnect_for_google_cloud_platform-cpe:2.3:a:silver-peak:unity_edgeconnect_for_google_cloud_platform:-:*:*:*:*:*:*:*
silver-peakunity_orchestrator*cpe:2.3:a:silver-peak:unity_orchestrator:*:*:*:*:*:*:*:*
silver-peakvx-500_firmware-cpe:2.3:o:silver-peak:vx-500_firmware:-:*:*:*:*:*:*:*
arubanetworksvx-500-cpe:2.3:h:arubanetworks:vx-500:-:*:*:*:*:*:*:*
silver-peakvx-1000_firmware-cpe:2.3:o:silver-peak:vx-1000_firmware:-:*:*:*:*:*:*:*
arubanetworksvx-1000-cpe:2.3:h:arubanetworks:vx-1000:-:*:*:*:*:*:*:*
silver-peakvx-2000_firmware-cpe:2.3:o:silver-peak:vx-2000_firmware:-:*:*:*:*:*:*:*
arubanetworksvx-2000-cpe:2.3:h:arubanetworks:vx-2000:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
silver-peak	unity_edgeconnect_for_amazon_web_services	-	cpe:2.3:a:silver-peak:unity_edgeconnect_for_amazon_web_services:-:::::::*
silver-peak	unity_edgeconnect_for_azure	-	cpe:2.3:a:silver-peak:unity_edgeconnect_for_azure:-:::::::*
silver-peak	unity_edgeconnect_for_google_cloud_platform	-	cpe:2.3:a:silver-peak:unity_edgeconnect_for_google_cloud_platform:-:::::::*
silver-peak	unity_orchestrator	*	cpe:2.3:a:silver-peak:unity_orchestrator::::::::
silver-peak	vx-500_firmware	-	cpe:2.3:o:silver-peak:vx-500_firmware:-:::::::*
arubanetworks	vx-500	-	cpe:2.3:h:arubanetworks:vx-500:-:::::::*
silver-peak	vx-1000_firmware	-	cpe:2.3:o:silver-peak:vx-1000_firmware:-:::::::*
arubanetworks	vx-1000	-	cpe:2.3:h:arubanetworks:vx-1000:-:::::::*
silver-peak	vx-2000_firmware	-	cpe:2.3:o:silver-peak:vx-2000_firmware:-:::::::*
arubanetworks	vx-2000	-	cpe:2.3:h:arubanetworks:vx-2000:-:::::::*

Rows per page:

1-10 of 441

CNA Affected

[
  {
    "product": "1. Unity EdgeConnect, NX, VX 2. Unity Orchestrator   3. EdgeConnect in AWS, Azure, GCP ",
    "vendor": "Silver Peak Systems, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "All versions affected prior to Silver Peak Unity ECOS™ 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator™ 8.9.2+"
      }
    ]
  }
]

References

www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_portal-cve_2020_12144.pdf

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Related for CVE-2020-12144