Lucene search

[email protected]CVE-2020-12142

HistoryMay 05, 2020 - 8:15 p.m.

CVE-2020-12142

2020-05-0520:15:12

CWE-668

[email protected]

web.nvd.nist.gov

cve-2020-12142

ipsec

udp

key material

retrieval

vulnerability

edgeconnect

admin credentials

in-flight communication

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.5%

JSON

IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requires administrative access and shell access to the EdgeConnect appliance. An admin user can access IPSec seed and nonce parameters using the CLI, REST APIs, and the Linux shell.

Affected configurations

NVD

Node

silver-peakunity_edgeconnect_for_amazon_web_servicesMatch-

silver-peakunity_edgeconnect_for_azureMatch-

silver-peakunity_edgeconnect_for_google_cloud_platformMatch-

silver-peakunity_orchestratorRange<8.9.2

Node

arubanetworksvx-500Match-

AND

silver-peakvx-500_firmwareMatch-

Node

arubanetworksvx-1000Match-

AND

silver-peakvx-1000_firmwareMatch-

Node

arubanetworksvx-2000Match-

AND

silver-peakvx-2000_firmwareMatch-

Node

arubanetworksvx-3000Match-

AND

silver-peakvx-3000_firmwareMatch-

Node

arubanetworksvx-5000Match-

AND

silver-peakvx-5000_firmwareMatch-

Node

arubanetworksvx-6000Match-

AND

silver-peakvx-6000_firmwareMatch-

Node

arubanetworksvx-7000Match-

AND

silver-peakvx-7000_firmwareMatch-

Node

arubanetworksvx-9000Match-

AND

silver-peakvx-9000_firmwareMatch-

Node

silver-peakvx-8000_firmwareMatch-

AND

arubanetworksvx-8000Match-

Node

silver-peaknx-700_firmwareMatch-

AND

arubanetworksnx-700Match-

Node

silver-peaknx-1000_firmwareMatch-

AND

arubanetworksnx-1000Match-

Node

silver-peaknx-2000_firmwareMatch-

AND

arubanetworksnx-2000Match-

Node

silver-peaknx-3000_firmwareMatch-

AND

arubanetworksnx-3000Match-

Node

silver-peaknx-5000_firmwareMatch-

AND

arubanetworksnx-5000Match-

Node

silver-peaknx-6000_firmwareMatch-

AND

arubanetworksnx-6000Match-

Node

silver-peaknx-7000_firmwareMatch-

AND

arubanetworksnx-7000Match-

Node

silver-peaknx-8000_firmwareMatch-

AND

arubanetworksnx-8000Match-

Node

silver-peaknx-9000_firmwareMatch-

AND

arubanetworksnx-9000Match-

Node

silver-peaknx-10k_firmwareMatch-

AND

arubanetworksnx-10kMatch-

Node

silver-peaknx-11k_firmwareMatch-

AND

arubanetworksnx-11kMatch-

CPENameOperatorVersion
silver-peak:unity_edgeconnect_for_amazon_web_servicessilver-peak unity edgeconnect for amazon web serviceseq-
silver-peak:unity_edgeconnect_for_azuresilver-peak unity edgeconnect for azureeq-
silver-peak:unity_edgeconnect_for_google_cloud_platformsilver-peak unity edgeconnect for google cloud platformeq-
silver-peak:unity_orchestratorsilver-peak unity orchestratorlt8.9.2

CPE	Name	Operator	Version
silver-peak:unity_edgeconnect_for_amazon_web_services	silver-peak unity edgeconnect for amazon web services	eq	-
silver-peak:unity_edgeconnect_for_azure	silver-peak unity edgeconnect for azure	eq	-
silver-peak:unity_edgeconnect_for_google_cloud_platform	silver-peak unity edgeconnect for google cloud platform	eq	-
silver-peak:unity_orchestrator	silver-peak unity orchestrator	lt	8.9.2

CNA Affected

[
  {
    "product": "1. Unity EdgeConnect, NX, VX 2. Unity Orchestrator,   3. EdgeConnect in AWS, Azure, GCP  ",
    "vendor": "Silver Peak Systems, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "All versions affected prior to Silver Peak Unity ECOS™ 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator™ 8.9.2+ "
      }
    ]
  }
]

References

www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_ipsec_udp_key_material-cve_2020_12142.pdf

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.5%

JSON

Related for CVE-2020-12142

nvd1 prion1 cvelist1