Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
silver-peak unity orchestrator vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2020-12146
In Silver Peak Unity Orchestrator versions before 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can access, modify, and delete restricted files on the Orchestrator server using the/debugFiles REST API.
Silver-peak Unity Orchestrator
578
VMScore
CVE-2020-12147
In Silver Peak Unity Orchestrator versions before 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can make unauthorized MySQL queries against the Orchestrator database using the /sqlExecution REST API, which had been used for internal testing.
Silver-peak Unity Orchestrator
668
VMScore
CVE-2020-12145
Silver Peak Unity Orchestrator versions before 8.9.11+, 8.10.11+, or 9.0.1+ uses HTTP headers to authenticate REST API calls from localhost. This makes it possible to log in to Orchestrator by introducing an HTTP HOST header set to 127.0.0.1 or localhost. Orchestrator instances t...
Silver-peak Unity Orchestrator
356
VMScore
CVE-2020-12142
1. IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requir...
Silver-peak Unity Edgeconnect For Google Cloud Platform -
Silver-peak Unity Edgeconnect For Azure -
Silver-peak Unity Edgeconnect For Amazon Web Services -
Silver-peak Unity Orchestrator
Silver-peak Vx-500 Firmware -
Silver-peak Vx-1000 Firmware -
Silver-peak Vx-2000 Firmware -
Silver-peak Vx-3000 Firmware -
Silver-peak Vx-5000 Firmware -
Silver-peak Vx-6000 Firmware -
Silver-peak Vx-7000 Firmware -
Silver-peak Vx-9000 Firmware -
Silver-peak Vx-8000 Firmware -
Silver-peak Nx-700 Firmware -
Silver-peak Nx-1000 Firmware -
Silver-peak Nx-2000 Firmware -
Silver-peak Nx-3000 Firmware -
Silver-peak Nx-5000 Firmware -
Silver-peak Nx-6000 Firmware -
Silver-peak Nx-7000 Firmware -
Silver-peak Nx-8000 Firmware -
Silver-peak Nx-9000 Firmware -
356
VMScore
CVE-2020-12143
The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator.
Silver-peak Unity Edgeconnect For Google Cloud Platform -
Silver-peak Unity Edgeconnect For Azure -
Silver-peak Unity Edgeconnect For Amazon Web Services -
Silver-peak Unity Orchestrator
Silver-peak Vx-500 Firmware -
Silver-peak Vx-1000 Firmware -
Silver-peak Vx-2000 Firmware -
Silver-peak Vx-3000 Firmware -
Silver-peak Vx-5000 Firmware -
Silver-peak Vx-6000 Firmware -
Silver-peak Vx-7000 Firmware -
Silver-peak Vx-9000 Firmware -
Silver-peak Vx-8000 Firmware -
Silver-peak Nx-700 Firmware -
Silver-peak Nx-1000 Firmware -
Silver-peak Nx-2000 Firmware -
Silver-peak Nx-3000 Firmware -
Silver-peak Nx-5000 Firmware -
Silver-peak Nx-6000 Firmware -
Silver-peak Nx-7000 Firmware -
Silver-peak Nx-8000 Firmware -
Silver-peak Nx-9000 Firmware -
356
VMScore
CVE-2020-12144
The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. This makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted portal.
Silver-peak Unity Edgeconnect For Google Cloud Platform -
Silver-peak Unity Edgeconnect For Azure -
Silver-peak Unity Edgeconnect For Amazon Web Services -
Silver-peak Unity Orchestrator
Silver-peak Vx-500 Firmware -
Silver-peak Vx-1000 Firmware -
Silver-peak Vx-2000 Firmware -
Silver-peak Vx-3000 Firmware -
Silver-peak Vx-5000 Firmware -
Silver-peak Vx-6000 Firmware -
Silver-peak Vx-7000 Firmware -
Silver-peak Vx-9000 Firmware -
Silver-peak Vx-8000 Firmware -
Silver-peak Nx-700 Firmware -
Silver-peak Nx-1000 Firmware -
Silver-peak Nx-2000 Firmware -
Silver-peak Nx-3000 Firmware -
Silver-peak Nx-5000 Firmware -
Silver-peak Nx-6000 Firmware -
Silver-peak Nx-7000 Firmware -
Silver-peak Nx-8000 Firmware -
Silver-peak Nx-9000 Firmware -
756
VMScore
CVE-2020-12149
The configuration backup/restore function in Silver Peak Unity ECOSTM (ECOS) appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an malicious user to manipulate the resulting command by injecting valid O...
Arubanetworks Edgeconnect Enterprise
756
VMScore
CVE-2020-12148
A command injection flaw identified in the nslookup API in Silver Peak Unity ECOSTM (ECOS) appliance software could allow an malicious user to execute arbitrary commands with the privileges of the web server running on the EdgeConnect appliance. An attacker could exploit this vul...
Arubanetworks Edgeconnect Enterprise
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started