CVE-2020-12144
6
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H
Summary
The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. This makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted portal.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Silver Peak Systems, Inc. | 1. Unity EdgeConnect, NX, VX 2. Unity Orchestrator 3. EdgeConnect in AWS, Azure, GCP | All versions affected prior to Silver Peak Unity ECOS™ 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator™ 8.9.2+ | affected |
Weaknesses
- CWE-295: CWE-295: Improper Certificate Validation
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.