← Retour aux CVEs
CVE-2020-12149
MEDIUM6.8
Description
The configuration backup/restore function in Silver Peak Unity ECOSTM (ECOS) appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. This vulnerability can be exploited by an attacker with authenticated access to the Orchestrator UI or EdgeConnect UI. This affects all ECOS versions prior to: 8.1.9.15, 8.3.0.8, 8.3.1.2, 8.3.2.0, 9.0.2.0, and 9.1.0.0.
Details CVE
Score CVSS v3.16.8
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisHIGH
Interaction utilisateurREQUIRED
Publie12/11/2020
Derniere modification12/12/2024
Sourcenvd
Observations honeypot0
Produits affectes
arubanetworks:edgeconnect_enterprisearubanetworks:nx-10700arubanetworks:nx-11700arubanetworks:nx-1700arubanetworks:nx-2700arubanetworks:nx-3700arubanetworks:nx-5700arubanetworks:nx-6700arubanetworks:nx-700arubanetworks:nx-7700arubanetworks:nx-8700arubanetworks:nx-9700arubanetworks:vx-1000arubanetworks:vx-2000arubanetworks:vx-3000arubanetworks:vx-500arubanetworks:vx-5000arubanetworks:vx-6000arubanetworks:vx-7000arubanetworks:vx-8000arubanetworks:vx-9000silver-peak:unity_edgeconnect
Faiblesses (CWE)
CWE-78CWE-78
References
https://www.silver-peak.com/support/user-documentation/security-advisories(sirt@silver-peak.com)
https://www.silver-peak.com/support/user-documentation/security-advisories(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.