CVE-2020-12142

Published: May 5, 2020Modified: Nov 21, 2024

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

1. IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requires administrative access and shell access to the EdgeConnect appliance. An admin user can access IPSec seed and nonce parameters using the CLI, REST APIs, and the Linux shell.

Affected (24)

Products: Silver Peak: Unity Edgeconnect For Amazon Web Services, Unity Edgeconnect For Azure, Unity Edgeconnect For Google Cloud Platform, Unity Orchestrator, Vx 500 Firmware, Vx 1000 Firmware, Vx 2000 Firmware, Vx 3000 Firmware, Vx 5000 Firmware, Vx 6000 Firmware, Vx 7000 Firmware, Vx 9000 Firmware, Vx 8000 Firmware, Nx 700 Firmware, Nx 1000 Firmware, Nx 2000 Firmware, Nx 3000 Firmware, Nx 5000 Firmware, Nx 6000 Firmware, Nx 7000 Firmware, Nx 8000 Firmware, Nx 9000 Firmware, Nx 10k Firmware, Nx 11k Firmware

Silver Peak

24 products

Unity Edgeconnect For Amazon Web Services

Unity Edgeconnect For Azure

Unity Edgeconnect For Google Cloud Platform

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Silver Peak Unity Edgeconnect For Amazon Web Services	All versions
Silver Peak Unity Edgeconnect For Azure	All versions
Silver Peak Unity Edgeconnect For Google Cloud Platform	All versions
Silver Peak Unity Orchestrator	Before 8.9.2

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Vx 500 Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Vx 500	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Vx 1000 Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Vx 1000	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Vx 2000 Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Vx 2000	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Vx 3000 Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Vx 3000	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Vx 5000 Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Vx 5000	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Vx 6000 Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Vx 6000	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Vx 7000 Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Vx 7000	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Vx 9000 Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Vx 9000	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Vx 8000 Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Vx 8000	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Nx 700 Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Nx 700	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Nx 1000 Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Nx 1000	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Nx 2000 Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Nx 2000	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Nx 3000 Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Nx 3000	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Nx 5000 Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Nx 5000	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Nx 6000 Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Nx 6000	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Nx 7000 Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Nx 7000	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Nx 8000 Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Nx 8000	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Nx 9000 Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Nx 9000	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Nx 10k Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Nx 10k	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Nx 11k Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Nx 11k	All versions

Related CWEs

CWE-668

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (2)

https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_ipsec_udp_key_material-cve_2020_12142.pdf

Source: sirt@silver-peak.com

Vendor Advisory

https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_ipsec_udp_key_material-cve_2020_12142.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.