CVE-2020-12148

A command injection flaw identified in the nslookup API in Silver Peak Unity ECOSTM ECOS appliance software could allow an attacker to execute arbitrary commands with the privileges of the web server running on the EdgeConnect appliance. An attacker could exploit this vulnerability to establish a...

CVE-2020-12148

A command injection flaw identified in the nslookup API in Silver Peak Unity ECOSTM ECOS appliance software could allow an attacker to execute arbitrary commands with the privileges of the web server running on the EdgeConnect appliance. An attacker could exploit this vulnerability to establish a...

CVE-2020-12149

The configuration backup/restore function in Silver Peak Unity ECOSTM ECOS appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. This...

Command injection

A command injection flaw identified in the nslookup API in Silver Peak Unity ECOSTM ECOS appliance software could allow an attacker to execute arbitrary commands with the privileges of the web server running on the EdgeConnect appliance. An attacker could exploit this vulnerability to establish a...

CVE-2020-12148

CVE-2020-12148 is a command injection flaw in the nslookup API of Silver Peak Unity ECOS appliances. The vulnerability allows an attacker with authenticated access to the Orchestrator UI or EdgeConnect UI to run arbitrary commands with the web server’s privileges, potentially taking control of th...

CVE-2020-12148 OS Command Injection - nslookup API

A command injection flaw identified in the nslookup API in Silver Peak Unity ECOSTM ECOS appliance software could allow an attacker to execute arbitrary commands with the privileges of the web server running on the EdgeConnect appliance. An attacker could exploit this vulnerability to establish a...

CVE-2020-12149

CVE-2020-12149 affects Silver Peak Unity ECOS appliances and relates to a command injection in the configuration backup/restore function. The root cause is that the user-controlled config filename is incorporated directly into a subsequent shell command, enabling an authenticated attacker with ac...

CVE-2020-12149 OS Command Injection - Management File Upload

The configuration backup/restore function in Silver Peak Unity ECOSTM ECOS appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. This...

Silver Peak Unity ECOSTM OS Command Injection Vulnerability

Silver Peak Systems EdgeConnect Software ECOS is a suite of software-defined, wide-area networking platforms from Silver Peak Systems, USA. The platform provides features such as path conditioning, application classification, routing and virtual WAN overlay. Silver Peak Unity ECOSTM suffers from ...