CVE-2020-12149

Published: 11 Dec 2020
Source: nvd
CVSS3: 6.8
CVSS2: 8.5
EPSS: Low

Description

The configuration backup/restore function in Silver Peak Unity ECOS™ (ECOS) appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. This vulnerability can be exploited by an attacker with authenticated access to the Orchestrator UI or EdgeConnect UI. This affects all ECOS versions prior to: 8.1.9.15, 8.3.0.8, 8.3.1.2, 8.3.2.0, 9.0.2.0, and 9.1.0.0.

Vulnerable configurations

Configuration 1

All of

One of

cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*
Version from 8.1 (inclusive) to 8.1.9.15 (exclusive)
cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*
Version from 8.3.0 (inclusive) to 8.3.0.8 (exclusive)
cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*
Version from 8.3.1 (inclusive) to 8.3.1.2 (exclusive)
cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*
Version from 9.0 (inclusive) to 9.0.2.0 (exclusive)

One of

cpe:2.3:a:arubanetworks:vx-1000:-:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:vx-2000:-:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:vx-3000:-:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:vx-500:-:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:vx-5000:-:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:vx-6000:-:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:vx-7000:-:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:vx-8000:-:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:vx-9000:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-10700:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-11700:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-1700:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-2700:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-3700:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-5700:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-6700:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-700:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-7700:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-8700:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-9700:-:*:*:*:*:*:*:*
cpe:2.3:h:silver-peak:unity_edgeconnect:-:*:*:*:*:*:*:*

EPSS

Percentile: 59%
0.00373
Low

6.8 Medium

CVSS3

8.5 High

CVSS2

Weaknesses

CWE-78

Related vulnerabilities

CVSS3: 6.8
github
more than 3 years ago

The configuration backup/restore function in Silver Peak Unity ECOS™ (ECOS) appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. This vulnerability can be exploited by an attacker with authenticated access to the Orchestrator UI or EdgeConnect UI. This affects all current ECOS versions: 8.1.9.15, 8.3.0.8, 8.3.1.2, 8.3.2.0, 9.0.2.0, and 9.1.0.0.
