6
CVE-2020-12144
- EPSS 0.08%
- Published 05.05.2020 20:15:12
- Last modified 21.11.2024 04:59:21
- Source sirt@silver-peak.com
- Teams watchlist Login
- Open Login
The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. This makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted portal.
Data is provided by the National Vulnerability Database (NVD)
Silver-peak ≫ Unity Edgeconnect For Azure Version-
Silver-peak ≫ Unity Orchestrator Version < 8.9.2
Silver-peak ≫ Vx-500 Firmware Version-
Silver-peak ≫ Vx-1000 Firmware Version-
Silver-peak ≫ Vx-2000 Firmware Version-
Silver-peak ≫ Vx-3000 Firmware Version-
Silver-peak ≫ Vx-5000 Firmware Version-
Silver-peak ≫ Vx-6000 Firmware Version-
Silver-peak ≫ Vx-7000 Firmware Version-
Silver-peak ≫ Vx-9000 Firmware Version-
Silver-peak ≫ Vx-8000 Firmware Version-
Silver-peak ≫ Nx-700 Firmware Version-
Silver-peak ≫ Nx-1000 Firmware Version-
Silver-peak ≫ Nx-2000 Firmware Version-
Silver-peak ≫ Nx-3000 Firmware Version-
Silver-peak ≫ Nx-5000 Firmware Version-
Silver-peak ≫ Nx-6000 Firmware Version-
Silver-peak ≫ Nx-7000 Firmware Version-
Silver-peak ≫ Nx-8000 Firmware Version-
Silver-peak ≫ Nx-9000 Firmware Version-
Silver-peak ≫ Nx-10k Firmware Version-
Silver-peak ≫ Nx-11k Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.197 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.9 | 1.2 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:P/A:N
|
| sirt@silver-peak.com | 6 | 0.5 | 5.5 |
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.