CVE-2020-12143 : Security Advisory and Response

Learn about CVE-2020-12143 affecting Silver Peak Systems, Inc.'s Unity EdgeConnect, NX, VX, and Unity Orchestrator. Find out the impact, affected versions, and mitigation steps.

This CVE involves a vulnerability in Silver Peak Systems, Inc.'s Unity EdgeConnect, NX, VX, and Unity Orchestrator, affecting versions prior to Silver Peak Unity ECOS 8.3.2+, 8.1.9.12+, and Silver Peak Unity Orchestrator 8.9.2+.

Understanding CVE-2020-12143

This CVE highlights a flaw where the certificate used to identify Orchestrator to EdgeConnect devices is not validated, potentially allowing the establishment of a TLS connection from EdgeConnect to an untrusted Orchestrator.

What is CVE-2020-12143?

The vulnerability arises from improper certificate validation, categorized under CWE-295.

The Impact of CVE-2020-12143

The CVSS base score for this vulnerability is 6, with a severity level of MEDIUM. The attack complexity is HIGH, and exploitation requires network access and high privileges. Successful exploitation has a high impact on availability and integrity.

Technical Details of CVE-2020-12143

This section delves into the specifics of the vulnerability.

Vulnerability Description

The certificate validation issue allows unauthorized TLS connections between EdgeConnect and untrusted Orchestrator instances.

Affected Systems and Versions

        Products: Unity EdgeConnect, NX, VX, Unity Orchestrator, EdgeConnect in AWS, Azure, GCP
        Versions: All versions prior to Silver Peak Unity ECOS 8.3.2+, 8.1.9.12+, and Silver Peak Unity Orchestrator 8.9.2+

Exploitation Mechanism

Because EdgeConnect does not validate the certificate that identifies Orchestrator, the vulnerability can be exploited by establishing an unauthorized TLS connection between EdgeConnect and an untrusted Orchestrator instance.

Mitigation and Prevention

Protect your systems from CVE-2020-12143 with the following measures:

Immediate Steps to Take

        Avoid changing Orchestrator's IP address as discovered by the EdgeConnect appliance.
        Upgrade to Silver Peak Unity ECOS 8.3.2+ or 8.1.9.12+ and Silver Peak Unity Orchestrator 8.9.2+.
        Enable the 'Verify Orchestrator Certificate' option in Orchestrator's Advanced Security Settings.
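
An inventory check covering the upgrade and configuration steps above, as an added example (not Silver Peak or vendor code). The inventory records, the field names such as `verify_orchestrator_certificate`, and the version strings are constructed; treating 8.1.9.x as its own maintenance branch fixed at 8.1.9.12 is an assumption about how the advisory's version list should be read.

```python
import re

# Fixed-release thresholds taken from the advisory text.
ECOS_FIXED_MAINLINE = (8, 3, 2)   # ECOS 8.3.2+
ECOS_FIXED_819 = (8, 1, 9, 12)    # ECOS 8.1.9.12+
ORCH_FIXED = (8, 9, 2)            # Orchestrator 8.9.2+

def parse_version(text):
    """Turn '8.1.9.12_78945' into (8, 1, 9, 12); any build suffix is ignored."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in m.group(0).split("."))

def ecos_is_fixed(version):
    v = parse_version(version)
    # Assumption: 8.1.9.x is fixed from 8.1.9.12; all other releases from 8.3.2.
    if v[:3] == (8, 1, 9):
        return v >= ECOS_FIXED_819
    return v >= ECOS_FIXED_MAINLINE

def orchestrator_is_fixed(version):
    return parse_version(version) >= ORCH_FIXED

def audit(inventory):
    """Return (name, action) pairs for every device that still needs work."""
    findings = []
    for item in inventory:
        is_orch = item["role"] == "orchestrator"
        fixed = orchestrator_is_fixed if is_orch else ecos_is_fixed
        if not fixed(item["version"]):
            findings.append((item["name"], "upgrade required"))
        # The verification option lives in Orchestrator's Advanced Security Settings.
        if is_orch and not item.get("verify_orchestrator_certificate", False):
            findings.append((item["name"], "enable 'Verify Orchestrator Certificate'"))
    return findings

# Constructed sample inventory (hypothetical device names and field layout).
INVENTORY = [
    {"name": "orch-01", "role": "orchestrator", "version": "8.9.1",
     "verify_orchestrator_certificate": False},
    {"name": "ec-branch-a", "role": "edgeconnect", "version": "8.1.9.12_78945"},
    {"name": "ec-branch-b", "role": "edgeconnect", "version": "8.1.9.4"},
    {"name": "ec-dc-1", "role": "edgeconnect", "version": "8.3.2.1"},
    {"name": "ec-dc-2", "role": "edgeconnect", "version": "8.2.4.1"},
]

if __name__ == "__main__":
    for name, action in audit(INVENTORY):
        print(f"{name}: {action}")
```
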

Long-Term Security Practices

        Regularly review and update security configurations.
        Conduct periodic security assessments and audits.

Patching and Updates

Stay informed about security patches and updates from Silver Peak Systems, Inc.
