Unrated severityNVD Advisory· Published May 5, 2020· Updated Aug 4, 2024

The certificate used to identify Orchestrator to EdgeConnect devices is not validated

CVE-2020-12143

Description

The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator.

Affected products

Silver Peak/Unity Orchestratorllm-fuzzy
HPE/EdgeConnect OSllm-fuzzy
Silver Peak Systems, Inc./1. Unity EdgeConnect, NX, VX 2. Unity Orchestrator,   3. EdgeConnect in AWS, Azure, GCPv5
Range: All versions affected prior to Silver Peak Unity ECOS™ 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator™ 8.9.2+

Patches

Vulnerability mechanics

References

www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_orchestrator-cve_2020_12143.pdfmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000