Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
silver-peak unity orchestrator vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2020-12145
Silver Peak Unity Orchestrator versions before 8.9.11+, 8.10.11+, or 9.0.1+ uses HTTP headers to authenticate REST API calls from localhost. This makes it possible to log in to Orchestrator by introducing an HTTP HOST header set to 127.0.0.1 or localhost. Orchestrator instances t...
Silver-peak Unity Orchestrator
6.5
CVSSv2
CVE-2020-12146
In Silver Peak Unity Orchestrator versions before 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can access, modify, and delete restricted files on the Orchestrator server using the/debugFiles REST API.
Silver-peak Unity Orchestrator
6.5
CVSSv2
CVE-2020-12147
In Silver Peak Unity Orchestrator versions before 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can make unauthorized MySQL queries against the Orchestrator database using the /sqlExecution REST API, which had been used for internal testing.
Silver-peak Unity Orchestrator
4
CVSSv2
CVE-2020-12142
1. IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requir...
Silver-peak Unity Edgeconnect For Google Cloud Platform -
Silver-peak Unity Edgeconnect For Azure -
Silver-peak Unity Edgeconnect For Amazon Web Services -
Silver-peak Unity Orchestrator
Silver-peak Vx-500 Firmware -
Silver-peak Vx-1000 Firmware -
Silver-peak Vx-2000 Firmware -
Silver-peak Vx-3000 Firmware -
Silver-peak Vx-5000 Firmware -
Silver-peak Vx-6000 Firmware -
Silver-peak Vx-7000 Firmware -
Silver-peak Vx-9000 Firmware -
Silver-peak Vx-8000 Firmware -
Silver-peak Nx-700 Firmware -
Silver-peak Nx-1000 Firmware -
Silver-peak Nx-2000 Firmware -
Silver-peak Nx-3000 Firmware -
Silver-peak Nx-5000 Firmware -
Silver-peak Nx-6000 Firmware -
Silver-peak Nx-7000 Firmware -
Silver-peak Nx-8000 Firmware -
Silver-peak Nx-9000 Firmware -
4
CVSSv2
CVE-2020-12144
The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. This makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted portal.
Silver-peak Unity Edgeconnect For Google Cloud Platform -
Silver-peak Unity Edgeconnect For Azure -
Silver-peak Unity Edgeconnect For Amazon Web Services -
Silver-peak Unity Orchestrator
Silver-peak Vx-500 Firmware -
Silver-peak Vx-1000 Firmware -
Silver-peak Vx-2000 Firmware -
Silver-peak Vx-3000 Firmware -
Silver-peak Vx-5000 Firmware -
Silver-peak Vx-6000 Firmware -
Silver-peak Vx-7000 Firmware -
Silver-peak Vx-9000 Firmware -
Silver-peak Vx-8000 Firmware -
Silver-peak Nx-700 Firmware -
Silver-peak Nx-1000 Firmware -
Silver-peak Nx-2000 Firmware -
Silver-peak Nx-3000 Firmware -
Silver-peak Nx-5000 Firmware -
Silver-peak Nx-6000 Firmware -
Silver-peak Nx-7000 Firmware -
Silver-peak Nx-8000 Firmware -
Silver-peak Nx-9000 Firmware -
4
CVSSv2
CVE-2020-12143
The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator.
Silver-peak Unity Edgeconnect For Google Cloud Platform -
Silver-peak Unity Edgeconnect For Azure -
Silver-peak Unity Edgeconnect For Amazon Web Services -
Silver-peak Unity Orchestrator
Silver-peak Vx-500 Firmware -
Silver-peak Vx-1000 Firmware -
Silver-peak Vx-2000 Firmware -
Silver-peak Vx-3000 Firmware -
Silver-peak Vx-5000 Firmware -
Silver-peak Vx-6000 Firmware -
Silver-peak Vx-7000 Firmware -
Silver-peak Vx-9000 Firmware -
Silver-peak Vx-8000 Firmware -
Silver-peak Nx-700 Firmware -
Silver-peak Nx-1000 Firmware -
Silver-peak Nx-2000 Firmware -
Silver-peak Nx-3000 Firmware -
Silver-peak Nx-5000 Firmware -
Silver-peak Nx-6000 Firmware -
Silver-peak Nx-7000 Firmware -
Silver-peak Nx-8000 Firmware -
Silver-peak Nx-9000 Firmware -
8.5
CVSSv2
CVE-2020-12149
The configuration backup/restore function in Silver Peak Unity ECOSTM (ECOS) appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an malicious user to manipulate the resulting command by injecting valid O...
Arubanetworks Edgeconnect Enterprise
8.5
CVSSv2
CVE-2020-12148
A command injection flaw identified in the nslookup API in Silver Peak Unity ECOSTM (ECOS) appliance software could allow an malicious user to execute arbitrary commands with the privileges of the web server running on the EdgeConnect appliance. An attacker could exploit this vul...
Arubanetworks Edgeconnect Enterprise
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started