CVE-2020-12143

EPSS 0.09%
Veröffentlicht 05.05.2020 20:15:12
Zuletzt bearbeitet 21.11.2024 04:59:20
Quelle sirt@silver-peak.com
CVE-Watchlists
Login
Unerledigt
Login

The certificate used to identify Orchestrator to EdgeConnect devices is not validated

The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

NVD 24 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Silver-peak ≫ Unity Edgeconnect For Amazon Web Services Version-

Silver-peak ≫ Unity Edgeconnect For Azure Version-

Silver-peak ≫ Unity Edgeconnect For Google Cloud Platform Version-

Silver-peak ≫ Unity Orchestrator Version < 8.9.2

Silver-peak ≫ Vx-500 Firmware Version-

Arubanetworks ≫ Vx-500 Version-

Silver-peak ≫ Vx-1000 Firmware Version-

Arubanetworks ≫ Vx-1000 Version-

Silver-peak ≫ Vx-2000 Firmware Version-

Arubanetworks ≫ Vx-2000 Version-

Silver-peak ≫ Vx-3000 Firmware Version-

Arubanetworks ≫ Vx-3000 Version-

Silver-peak ≫ Vx-5000 Firmware Version-

Arubanetworks ≫ Vx-5000 Version-

Silver-peak ≫ Vx-6000 Firmware Version-

Arubanetworks ≫ Vx-6000 Version-

Silver-peak ≫ Vx-7000 Firmware Version-

Arubanetworks ≫ Vx-7000 Version-

Silver-peak ≫ Vx-9000 Firmware Version-

Arubanetworks ≫ Vx-9000 Version-

Silver-peak ≫ Vx-8000 Firmware Version-

Arubanetworks ≫ Vx-8000 Version-

Silver-peak ≫ Nx-700 Firmware Version-

Arubanetworks ≫ Nx-700 Version-

Silver-peak ≫ Nx-1000 Firmware Version-

Arubanetworks ≫ Nx-1000 Version-

Silver-peak ≫ Nx-2000 Firmware Version-

Arubanetworks ≫ Nx-2000 Version-

Silver-peak ≫ Nx-3000 Firmware Version-

Arubanetworks ≫ Nx-3000 Version-

Silver-peak ≫ Nx-5000 Firmware Version-

Arubanetworks ≫ Nx-5000 Version-

Silver-peak ≫ Nx-6000 Firmware Version-

Arubanetworks ≫ Nx-6000 Version-

Silver-peak ≫ Nx-7000 Firmware Version-

Arubanetworks ≫ Nx-7000 Version-

Silver-peak ≫ Nx-8000 Firmware Version-

Arubanetworks ≫ Nx-8000 Version-

Silver-peak ≫ Nx-9000 Firmware Version-

Arubanetworks ≫ Nx-9000 Version-

Silver-peak ≫ Nx-10k Firmware Version-

Arubanetworks ≫ Nx-10k Version-

Silver-peak ≫ Nx-11k Firmware Version-

Arubanetworks ≫ Nx-11k Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.222

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N
sirt@silver-peak.com	6	0.5	5.5	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_orchestrator-cve_2020_12143.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-12143

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-12143

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-12143

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-12143