CVE-2020-12143
6
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H
Summary
The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Silver Peak Systems, Inc. | 1. Unity EdgeConnect, NX, VX 2. Unity Orchestrator, 3. EdgeConnect in AWS, Azure, GCP | All versions affected prior to Silver Peak Unity ECOS™ 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator™ 8.9.2+ | affected |
Weaknesses
- CWE-295: CWE-295: Improper Certificate Validation
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.