CVE-2020-12148 OS Command Injection - nslookup API

🗓️ 11 Dec 2020 15:24:23Reported by Silver PeakType

CVE-2020-12148 OS Command Injection flaw in Silver Peak Unity ECOSTM (ECOS) appliance software, allowing attacker to execute arbitrary commands and take control of the target system

Reporter	Title	Published	Views	Family All 8
BDU FSTEC	The vulnerability in the web interface of the Aruba EdgeConnect Enterprise network management platform allows a attacker to execute arbitrary code.	23 Nov 202300:00	–	bdu_fstec
Circl	CVE-2020-12148	11 Dec 202018:37	–	circl
CNNVD	Silver Peak Systems EdgeConnect Software Operating System Command Injection Vulnerability	11 Dec 202000:00	–	cnnvd
CVE	CVE-2020-12148	11 Dec 202015:24	–	cve
EUVD	EUVD-2020-4463	7 Oct 202500:30	–	euvd
NVD	CVE-2020-12148	11 Dec 202016:15	–	nvd
Prion	Command injection	11 Dec 202016:15	–	prion
Positive Technologies	PT-2020-6945 · Silver Peak · Silver Peak Unity Ecostm	11 Dec 202000:00	–	ptsecurity

[
  {
    "product": "ECOS",
    "vendor": "Silver Peak Systems, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "All current ECOS versions prior to 8.1.9.15"
      },
      {
        "status": "affected",
        "version": "8.3.0.8"
      },
      {
        "status": "affected",
        "version": "8.3.1.2"
      },
      {
        "status": "affected",
        "version": "8.3.2.0"
      },
      {
        "status": "affected",
        "version": "9.0.2.0"
      },
      {
        "status": "affected",
        "version": "and 9.1.0.0"
      }
    ]
  }
]

Source	Link
silver-peak	www.silver-peak.com/support/user-documentation/security-advisories

15 Dec 2020 16:13Current

7.2High risk

Vulners AI Score7.2

CVSS 3.16.8

EPSS0.02058

CWE-78