CVE-2020-12144

Опубликовано: 05 мая 2020

Источник: nvd

CVSS3: 6

CVSS3: 4.9

CVSS2: 4

EPSS Низкий

Описание

The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. This makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted portal.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:silver-peak:unity_edgeconnect_for_amazon_web_services:-:*:*:*:*:*:*:*

cpe:2.3:a:silver-peak:unity_edgeconnect_for_azure:-:*:*:*:*:*:*:*

cpe:2.3:a:silver-peak:unity_edgeconnect_for_google_cloud_platform:-:*:*:*:*:*:*:*

cpe:2.3:a:silver-peak:unity_orchestrator:*:*:*:*:*:*:*:*

Версия до 8.9.2 (исключая)

Конфигурация 2

Одновременно

cpe:2.3:o:silver-peak:vx-500_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:vx-500:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:silver-peak:vx-1000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:vx-1000:-:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

cpe:2.3:o:silver-peak:vx-2000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:vx-2000:-:*:*:*:*:*:*:*

Конфигурация 5

Одновременно

cpe:2.3:o:silver-peak:vx-3000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:vx-3000:-:*:*:*:*:*:*:*

Конфигурация 6

Одновременно

cpe:2.3:o:silver-peak:vx-5000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:vx-5000:-:*:*:*:*:*:*:*

Конфигурация 7

Одновременно

cpe:2.3:o:silver-peak:vx-6000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:vx-6000:-:*:*:*:*:*:*:*

Конфигурация 8

Одновременно

cpe:2.3:o:silver-peak:vx-7000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:vx-7000:-:*:*:*:*:*:*:*

Конфигурация 9

Одновременно

cpe:2.3:o:silver-peak:vx-9000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:vx-9000:-:*:*:*:*:*:*:*

Конфигурация 10

Одновременно

cpe:2.3:o:silver-peak:vx-8000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:vx-8000:-:*:*:*:*:*:*:*

Конфигурация 11

Одновременно

cpe:2.3:o:silver-peak:nx-700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:nx-700:-:*:*:*:*:*:*:*

Конфигурация 12

Одновременно

cpe:2.3:o:silver-peak:nx-1000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:nx-1000:-:*:*:*:*:*:*:*

Конфигурация 13

Одновременно

cpe:2.3:o:silver-peak:nx-2000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:nx-2000:-:*:*:*:*:*:*:*

Конфигурация 14

Одновременно

cpe:2.3:o:silver-peak:nx-3000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:nx-3000:-:*:*:*:*:*:*:*

Конфигурация 15

Одновременно

cpe:2.3:o:silver-peak:nx-5000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:nx-5000:-:*:*:*:*:*:*:*

Конфигурация 16

Одновременно

cpe:2.3:o:silver-peak:nx-6000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:nx-6000:-:*:*:*:*:*:*:*

Конфигурация 17

Одновременно

cpe:2.3:o:silver-peak:nx-7000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:nx-7000:-:*:*:*:*:*:*:*

Конфигурация 18

Одновременно

cpe:2.3:o:silver-peak:nx-8000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:nx-8000:-:*:*:*:*:*:*:*

Конфигурация 19

Одновременно

cpe:2.3:o:silver-peak:nx-9000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:nx-9000:-:*:*:*:*:*:*:*

Конфигурация 20

Одновременно

cpe:2.3:o:silver-peak:nx-10k_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:nx-10k:-:*:*:*:*:*:*:*

Конфигурация 21

Одновременно

cpe:2.3:o:silver-peak:nx-11k_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:nx-11k:-:*:*:*:*:*:*:*

EPSS

Процентиль: 23%

0.00075

Низкий

6 Medium

CVSS3

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-295

Связанные уязвимости

GHSA-7qwj-rq2v-gm66

CVSS3: 4.9

github

больше 3 лет назад

Details The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. This makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted portal. Product affected All versions affected prior to Silver Peak Unity ECOS™ 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator™ 8.9.2+ Silver Peak Products Applicability Unity EdgeConnect, NX, VX Applicable Unity Orchestrator Applicable EdgeConnect in AWS, Azure, GCP Applicable Silver Peak Cloud Services Not Applicable Resolution • Changes have been made to strengthen the initial exchange between the EdgeConnect appliance and the Cloud Portal. After the changes, EdgeConnect will validate the certificate used to identify the Silver Peak Cloud Portal to EdgeConnect. • TLS itself is continually subject to newly discovered and exploitable vulnerabilities. As such, all versions of EdgeConnect software implement additional out-of-band and user-controlled authentication ...

EPSS

Процентиль: 23%

0.00075

Низкий

6 Medium

CVSS3

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-295