Medium severity6.8NVD Advisory· Published Dec 11, 2020· Updated Jun 17, 2026
CVE-2020-12149
CVE-2020-12149
Description
The configuration backup/restore function in Silver Peak Unity ECOSTM (ECOS) appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. This vulnerability can be exploited by an attacker with authenticated access to the Orchestrator UI or EdgeConnect UI. This affects all ECOS versions prior to: 8.1.9.15, 8.3.0.8, 8.3.1.2, 8.3.2.0, 9.0.2.0, and 9.1.0.0.
Affected products
2- Range: < 8.1.9.15, < 8.3.0.8, < 8.3.1.2, < 8.3.2.0, < 9.0.2.0, < 9.1.0.0
- Range: All current ECOS versions prior to 8.1.9.15
Patches
Vulnerability mechanics
References
1- www.silver-peak.com/support/user-documentation/security-advisoriesnvdVendor Advisory
News mentions
0No linked articles in our index yet.