CVE-2020-12144 : Exploit Details and Defense Strategies

Learn about CVE-2020-12144 affecting Silver Peak Systems, Inc.'s Unity EdgeConnect, NX, VX, and Unity Orchestrator. Discover the impact, affected versions, and mitigation steps.

This CVE involves a vulnerability in Silver Peak Systems, Inc.'s Unity EdgeConnect, NX, VX, and Unity Orchestrator, affecting versions prior to Silver Peak Unity ECOS 8.3.2+, 8.1.9.12+, and Silver Peak Unity Orchestrator 8.9.2+.

Understanding CVE-2020-12144

The vulnerability allows the establishment of a TLS connection from EdgeConnect to an untrusted portal due to the lack of validation of the certificate used to identify the Silver Peak Cloud Portal.

What is CVE-2020-12144?

EdgeConnect devices do not validate the certificate that identifies the Silver Peak Cloud Portal, so a device can establish a TLS connection to an unauthorized portal, which poses a security risk.

The Impact of CVE-2020-12144

        CVSS Score: 6 (Medium Severity)
        Attack Vector: Network
        Attack Complexity: High
        Confidentiality Impact: Low
        Integrity Impact: High
        Availability Impact: High
        Privileges Required: High
        User Interaction: Required

Technical Details of CVE-2020-12144

This section provides detailed technical insights into the vulnerability.

Vulnerability Description

The vulnerability arises from the lack of certificate validation, allowing unauthorized TLS connections from EdgeConnect to untrusted portals.

Affected Systems and Versions

        Affected Products: Unity EdgeConnect, NX, VX, Unity Orchestrator, EdgeConnect in AWS, Azure, GCP
        Affected Versions: All versions prior to Silver Peak Unity ECOS 8.3.2+, 8.1.9.12+, and Silver Peak Unity Orchestrator 8.9.2+

Exploitation Mechanism

Because EdgeConnect does not validate the portal's certificate, the vulnerability can be exploited by getting EdgeConnect to establish an unauthorized TLS connection to an untrusted portal.

Mitigation and Prevention

Protect your systems from CVE-2020-12144 with the following steps:

Immediate Steps to Take

        Strengthen the initial exchange between EdgeConnect and the Cloud Portal
        Validate the certificate used to identify the Silver Peak Cloud Portal
        Implement additional out-of-band and user-controlled authentication mechanisms
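
What validating the portal certificate means for a TLS client in general, as an added Python example that is not Silver Peak code: a client context with validation switched off beside a validating one, plus a check that flags the weak settings. All function names are hypothetical, and the portal hostname and CA file are supplied by the caller.

```python
from __future__ import annotations
import socket
import ssl

def unvalidated_context() -> ssl.SSLContext:
    """Weak client: accepts any certificate, so any endpoint can pose as the portal."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def validating_context(ca_file: str | None = None) -> ssl.SSLContext:
    """Hardened client: the chain must verify and the name must match the host."""
    ctx = ssl.create_default_context(cafile=ca_file)  # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def audit_context(ctx: ssl.SSLContext) -> list[str]:
    """Return findings for settings that let an untrusted server be accepted."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("certificate name is not matched against the portal hostname")
    return findings

def connect_to_portal(host: str, ctx: ssl.SSLContext, port: int = 443) -> dict:
    """Open a TLS connection. With a validating context, an untrusted peer raises
    ssl.SSLCertVerificationError during the handshake, before application data."""
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return {"version": tls.version(), "peer_cert": tls.getpeercert()}

if __name__ == "__main__":
    # Audit both contexts offline; no network connection is made here.
    for name, ctx in (("unvalidated", unvalidated_context()),
                      ("validating", validating_context())):
        print(name, audit_context(ctx) or "ok")
```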

Long-Term Security Practices

        Avoid changing Cloud Portal's IP address as discovered by EdgeConnect
        Upgrade to Silver Peak Unity ECOS 8.3.2+ or 8.1.9.12+ and Silver Peak Unity Orchestrator 8.9.2+
        Enable the 'Verify Portal Certificate' option in Orchestrator's Advanced Security Settings

Patching and Updates

Stay secure by applying the necessary patches and updates to address the vulnerability.
