Learn about CVE-2020-12146, a vulnerability in Silver Peak Unity Orchestrator™ allowing authenticated users to manipulate restricted files. Find mitigation steps and upgrade recommendations.
Silver Peak Unity Orchestrator™ subject to path traversal.
Understanding CVE-2020-12146
In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can access, modify, and delete restricted files on the Orchestrator server using the /debugFiles REST API.
What is CVE-2020-12146?
CVE-2020-12146 refers to a vulnerability in Silver Peak Unity Orchestrator that allows authenticated users to manipulate restricted files on the server through the /debugFiles REST API.
The Impact of CVE-2020-12146
The vulnerability has a CVSS base score of 6.6, indicating a medium severity issue with high impacts on confidentiality, integrity, and availability of the affected systems.
Technical Details of CVE-2020-12146
Vulnerability Description
The flaw in affected Silver Peak Unity Orchestrator versions allows authenticated users to perform unauthorized actions on restricted files.
Affected Systems and Versions
Exploitation Mechanism
The vulnerability can be exploited by authenticated users leveraging the /debugFiles REST API to access, modify, and delete files on the server.
Mitigation and Prevention
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates