CVE-2020-12144

Summary

The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. This makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted portal.

Affected Software

VendorProductVersion RangeStatus
Silver Peak Systems, Inc.1. Unity EdgeConnect, NX, VX 2. Unity Orchestrator  3. EdgeConnect in AWS, Azure, GCPAll versions affected prior to Silver Peak Unity ECOS™ 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator™ 8.9.2+affected

Weaknesses

  • CWE-295: CWE-295: Improper Certificate Validation

ADP Enrichment

CVE Program Container

Additional References

References