CVE-2020-12142

EPSS 0.3%
Published 05.05.2020 20:15:12
Last modified 21.11.2024 04:59:20
Source sirt@silver-peak.com
Teams watchlist Login
Open Login

1. IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requires administrative access and shell access to the EdgeConnect appliance. An admin user can access IPSec seed and nonce parameters using the CLI, REST APIs, and the Linux shell.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Silver-peak ≫ Unity Edgeconnect For Amazon Web Services Version-

Silver-peak ≫ Unity Edgeconnect For Azure Version-

Silver-peak ≫ Unity Edgeconnect For Google Cloud Platform Version-

Silver-peak ≫ Unity Orchestrator Version < 8.9.2

Silver-peak ≫ Vx-500 Firmware Version-

Arubanetworks ≫ Vx-500 Version-

Silver-peak ≫ Vx-1000 Firmware Version-

Arubanetworks ≫ Vx-1000 Version-

Silver-peak ≫ Vx-2000 Firmware Version-

Arubanetworks ≫ Vx-2000 Version-

Silver-peak ≫ Vx-3000 Firmware Version-

Arubanetworks ≫ Vx-3000 Version-

Silver-peak ≫ Vx-5000 Firmware Version-

Arubanetworks ≫ Vx-5000 Version-

Silver-peak ≫ Vx-6000 Firmware Version-

Arubanetworks ≫ Vx-6000 Version-

Silver-peak ≫ Vx-7000 Firmware Version-

Arubanetworks ≫ Vx-7000 Version-

Silver-peak ≫ Vx-9000 Firmware Version-

Arubanetworks ≫ Vx-9000 Version-

Silver-peak ≫ Vx-8000 Firmware Version-

Arubanetworks ≫ Vx-8000 Version-

Silver-peak ≫ Nx-700 Firmware Version-

Arubanetworks ≫ Nx-700 Version-

Silver-peak ≫ Nx-1000 Firmware Version-

Arubanetworks ≫ Nx-1000 Version-

Silver-peak ≫ Nx-2000 Firmware Version-

Arubanetworks ≫ Nx-2000 Version-

Silver-peak ≫ Nx-3000 Firmware Version-

Arubanetworks ≫ Nx-3000 Version-

Silver-peak ≫ Nx-5000 Firmware Version-

Arubanetworks ≫ Nx-5000 Version-

Silver-peak ≫ Nx-6000 Firmware Version-

Arubanetworks ≫ Nx-6000 Version-

Silver-peak ≫ Nx-7000 Firmware Version-

Arubanetworks ≫ Nx-7000 Version-

Silver-peak ≫ Nx-8000 Firmware Version-

Arubanetworks ≫ Nx-8000 Version-

Silver-peak ≫ Nx-9000 Firmware Version-

Arubanetworks ≫ Nx-9000 Version-

Silver-peak ≫ Nx-10k Firmware Version-

Arubanetworks ≫ Nx-10k Version-

Silver-peak ≫ Nx-11k Firmware Version-

Arubanetworks ≫ Nx-11k Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.3%	0.506

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
sirt@silver-peak.com	4.8	0.5	4.2	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N

CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_ipsec_udp_key_material-cve_2020_12142.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-12142

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-12142

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-12142

EUVD