CVE-2020-12143

Published: May 5, 2020Modified: Nov 21, 2024

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator.

Affected (24)

Products: Silver Peak: Unity Edgeconnect For Amazon Web Services, Unity Edgeconnect For Azure, Unity Edgeconnect For Google Cloud Platform, Unity Orchestrator, Vx 500 Firmware, Vx 1000 Firmware, Vx 2000 Firmware, Vx 3000 Firmware, Vx 5000 Firmware, Vx 6000 Firmware, Vx 7000 Firmware, Vx 9000 Firmware, Vx 8000 Firmware, Nx 700 Firmware, Nx 1000 Firmware, Nx 2000 Firmware, Nx 3000 Firmware, Nx 5000 Firmware, Nx 6000 Firmware, Nx 7000 Firmware, Nx 8000 Firmware, Nx 9000 Firmware, Nx 10k Firmware, Nx 11k Firmware

Silver Peak

24 products

Unity Edgeconnect For Amazon Web Services

Unity Edgeconnect For Azure

Unity Edgeconnect For Google Cloud Platform

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Silver Peak Unity Edgeconnect For Amazon Web Services	All versions
Silver Peak Unity Edgeconnect For Azure	All versions
Silver Peak Unity Edgeconnect For Google Cloud Platform	All versions
Silver Peak Unity Orchestrator	Before 8.9.2

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Vx 500 Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Vx 500	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Vx 1000 Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Vx 1000	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Vx 2000 Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Vx 2000	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Vx 3000 Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Vx 3000	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Vx 5000 Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Vx 5000	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Vx 6000 Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Vx 6000	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Vx 7000 Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Vx 7000	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Vx 9000 Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Vx 9000	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Vx 8000 Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Vx 8000	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Nx 700 Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Nx 700	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Nx 1000 Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Nx 1000	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Nx 2000 Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Nx 2000	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Nx 3000 Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Nx 3000	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Nx 5000 Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Nx 5000	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Nx 6000 Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Nx 6000	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Nx 7000 Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Nx 7000	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Nx 8000 Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Nx 8000	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Nx 9000 Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Nx 9000	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Nx 10k Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Nx 10k	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silver Peak Nx 11k Firmware	All versions

Running on/with	Platform Versions
Arubanetworks Nx 11k	All versions

Related CWEs

CWE-295

Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

References (2)

https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_orchestrator-cve_2020_12143.pdf

Source: sirt@silver-peak.com

Vendor Advisory

https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_orchestrator-cve_2020_12143.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.