Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2020-12143
PUBLISHED
More InfoOfficial Page
Assigner-Silver Peak
Assigner Org ID-83cc1b1a-46b0-4ac1-94f2-bbef3319bc4c
View Known Exploited Vulnerability (KEV) details
Published At-05 May, 2020 | 19:53
Updated At-04 Aug, 2024 | 11:48
Rejected At-
▼CVE Numbering Authority (CNA)
The certificate used to identify Orchestrator to EdgeConnect devices is not validated

The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator.

Affected Products
Vendor
Silver Peak Systems, Inc.
Product
1. Unity EdgeConnect, NX, VX 2. Unity Orchestrator,   3. EdgeConnect in AWS, Azure, GCP 
Versions
Affected
  • All versions affected prior to Silver Peak Unity ECOS™ 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator™ 8.9.2+
Problem Types
TypeCWE IDDescription
CWECWE-295CWE-295: Improper Certificate Validation
Type: CWE
CWE ID: CWE-295
Description: CWE-295: Improper Certificate Validation
Metrics
VersionBase scoreBase severityVector
3.16.0MEDIUM
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H
Version: 3.1
Base score: 6.0
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Any required configuration • Do not change Orchestrator’s IP address as discovered by the EdgeConnect appliance. • Upgrade to Silver Peak Unity ECOS™ 8.3.2+ or 8.1.9.12+ and Silver Peak Unity Orchestrator™ 8.9.2+. • In Orchestrator, enable the “Verify Orchestrator Certificate” option under Advanced Security Settings. Solution link - References The full details of the CVE can be found at https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_orchestrator_cve_2020_12143.pdf

Configurations

Any required configuration • Do not change Orchestrator’s IP address as discovered by the EdgeConnect appliance. • Upgrade to Silver Peak Unity ECOS™ 8.3.2+ or 8.1.9.12+ and Silver Peak Unity Orchestrator™ 8.9.2+. • In Orchestrator, enable the “Verify Orchestrator Certificate” option under Advanced Security Settings. Solution link - References The full details of the CVE can be found at https://www.cvedetails.com/cve/CVE-2020-12143.

Workarounds
Exploits
Credits
This vulnerability was reported to Silver Peak by Denis Kolegov, Mariya Nedyak, and Anton Nikolaev from the SD-WAN New Hop team.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_orchestrator-cve_2020_12143.pdf
x_refsource_CONFIRM
Hyperlink: https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_orchestrator-cve_2020_12143.pdf
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_orchestrator-cve_2020_12143.pdf
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_orchestrator-cve_2020_12143.pdf
Resource:
x_refsource_CONFIRM
x_transferred
Details not found