Command injection

The configuration backup/restore function in Silver Peak Unity ECOSTM ECOS appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. This...

CVE-2020-12148

CVE-2020-12148 is a command injection flaw in the nslookup API of Silver Peak Unity ECOS appliances. The vulnerability allows an attacker with authenticated access to the Orchestrator UI or EdgeConnect UI to run arbitrary commands with the web server’s privileges, potentially taking control of th...

CVE-2020-12149

CVE-2020-12149 affects Silver Peak Unity ECOS appliances and relates to a command injection in the configuration backup/restore function. The root cause is that the user-controlled config filename is incorporated directly into a subsequent shell command, enabling an authenticated attacker with ac...

CVE-2020-12149 OS Command Injection - Management File Upload

The configuration backup/restore function in Silver Peak Unity ECOSTM ECOS appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. This...

PT-2020-6945 · Silver Peak · Silver Peak Unity Ecostm

Name of the Vulnerable Software and Affected Versions: Silver Peak Unity ECOSTM ECOS versions prior to 8.1.9.15 Silver Peak Unity ECOSTM ECOS versions prior to 8.3.0.8 Silver Peak Unity ECOSTM ECOS versions prior to 8.3.1.2 Silver Peak Unity ECOSTM ECOS versions prior to 8.3.2.0 Silver Peak Unity...