Unrated severityNVD Advisory· Published May 5, 2020· Updated Aug 4, 2024

The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated

CVE-2020-12144

Description

The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. This makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted portal.

Affected products

HPE/EdgeConnect OSllm-fuzzy
Silver Peak Systems, Inc./1. Unity EdgeConnect, NX, VX 2. Unity Orchestrator  3. EdgeConnect in AWS, Azure, GCPv5
Range: All versions affected prior to Silver Peak Unity ECOS™ 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator™ 8.9.2+

Patches

Vulnerability mechanics

References

www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_portal-cve_2020_12144.pdfmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000