6 matches found
CVE-2020-12142
CVE-2020-12142 affects the EdgeConnect appliance. An admin user with shell access can retrieve IPSec UDP key material (IPSec seed and nonce) via CLI, REST APIs, or the Linux shell, enabling potential decryption of in-flight traffic. The issue requires administrative access and is described across...
CVE-2020-12143
The CVE-2020-12143 issue arises from failure to validate the certificate used to identify Orchestrator to EdgeConnect devices, allowing an attacker to establish a TLS connection from EdgeConnect to an untrusted Orchestrator. Affected product context centers on EdgeConnect/Orchestrator interaction...
CVE-2020-12144
CVE-2020-12144 describes a trust-management vulnerability in Silver Peak EdgeConnect where the certificate used to identify the Cloud Portal to EdgeConnect devices is not validated. This allows establishing a TLS connection from EdgeConnect to an untrusted portal, potentially enabling man-in-the-...
CVE-2020-12147
CVE-2020-12147 affects Silver Peak Unity Orchestrator. An authenticated user can issue unauthorized MySQL queries against the Orchestrator database through the /sqlExecution REST API. Affected versions: prior to 8.9.11+, 8.10.11+, or 9.0.1+. Documentation notes that patches are available to remed...
CVE-2020-12146
CVE-2020-12146 concerns Silver Peak Unity Orchestrator path traversal via the /debugFiles REST API. An authenticated user can access, modify, and delete restricted files on the Orchestrator server. Affected versions are pre-8.9.11+, 8.10.11+, and 9.0.1+. ThreatPost notes that patches exist, and S...
CVE-2020-12145
Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+ are affected by CVE-2020-12145, which allows login via HTTP Host header spoofing to localhost. The vulnerability stems from authenticating REST API calls from localhost using the host header, enabling an attacker to byp...