CVE-2020-12143

The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:silver-peak:unity_edgeconnect_for_amazon_web_services:-:*:*:*:*:*:*:*
cpe:2.3:a:silver-peak:unity_edgeconnect_for_azure:-:*:*:*:*:*:*:*
cpe:2.3:a:silver-peak:unity_edgeconnect_for_google_cloud_platform:-:*:*:*:*:*:*:*
cpe:2.3:a:silver-peak:unity_orchestrator:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:silver-peak:vx-500_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:vx-500:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:silver-peak:vx-1000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:vx-1000:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:silver-peak:vx-2000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:vx-2000:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:silver-peak:vx-3000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:vx-3000:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:silver-peak:vx-5000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:vx-5000:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:silver-peak:vx-6000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:vx-6000:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:silver-peak:vx-7000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:vx-7000:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:silver-peak:vx-9000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:vx-9000:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:silver-peak:vx-8000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:vx-8000:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:silver-peak:nx-700_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-700:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:silver-peak:nx-1000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-1000:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:silver-peak:nx-2000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-2000:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:silver-peak:nx-3000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-3000:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:silver-peak:nx-5000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-5000:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:silver-peak:nx-6000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-6000:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:silver-peak:nx-7000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-7000:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:silver-peak:nx-8000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-8000:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:silver-peak:nx-9000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-9000:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:silver-peak:nx-10k_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-10k:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:silver-peak:nx-11k_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-11k:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:59

Type Values Removed Values Added
CVSS v2 : 4.0
v3 : 4.9
v2 : 4.0
v3 : 6.0
References () https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_orchestrator-cve_2020_12143.pdf - Vendor Advisory () https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_orchestrator-cve_2020_12143.pdf - Vendor Advisory

07 Nov 2023, 21:16

Type Values Removed Values Added
CPE cpe:2.3:h:silver-peak:nx-3000:-:*:*:*:*:*:*:*
cpe:2.3:h:silver-peak:vx-3000:-:*:*:*:*:*:*:*
cpe:2.3:h:silver-peak:nx-1000:-:*:*:*:*:*:*:*
cpe:2.3:h:silver-peak:nx-9000:-:*:*:*:*:*:*:*
cpe:2.3:h:silver-peak:vx-2000:-:*:*:*:*:*:*:*
cpe:2.3:h:silver-peak:vx-9000:-:*:*:*:*:*:*:*
cpe:2.3:h:silver-peak:vx-8000:-:*:*:*:*:*:*:*
cpe:2.3:h:silver-peak:nx-700:-:*:*:*:*:*:*:*
cpe:2.3:h:silver-peak:vx-500:-:*:*:*:*:*:*:*
cpe:2.3:h:silver-peak:nx-6000:-:*:*:*:*:*:*:*
cpe:2.3:h:silver-peak:vx-6000:-:*:*:*:*:*:*:*
cpe:2.3:h:silver-peak:nx-2000:-:*:*:*:*:*:*:*
cpe:2.3:h:silver-peak:vx-1000:-:*:*:*:*:*:*:*
cpe:2.3:h:silver-peak:nx-5000:-:*:*:*:*:*:*:*
cpe:2.3:h:silver-peak:nx-7000:-:*:*:*:*:*:*:*
cpe:2.3:h:silver-peak:nx-11k:-:*:*:*:*:*:*:*
cpe:2.3:h:silver-peak:nx-8000:-:*:*:*:*:*:*:*
cpe:2.3:h:silver-peak:vx-5000:-:*:*:*:*:*:*:*
cpe:2.3:h:silver-peak:nx-10k:-:*:*:*:*:*:*:*
cpe:2.3:h:silver-peak:vx-7000:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:vx-9000:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-8000:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:vx-7000:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:vx-5000:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:vx-1000:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-6000:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-3000:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-9000:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-1000:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-10k:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-7000:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:vx-3000:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:vx-6000:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:vx-500:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:vx-8000:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-5000:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:vx-2000:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-2000:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-11k:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-700:-:*:*:*:*:*:*:*
First Time Arubanetworks nx-6000
Arubanetworks vx-3000
Arubanetworks nx-7000
Arubanetworks nx-5000
Arubanetworks nx-9000
Arubanetworks
Arubanetworks vx-9000
Arubanetworks nx-8000
Arubanetworks vx-7000
Arubanetworks nx-3000
Arubanetworks vx-500
Arubanetworks nx-1000
Arubanetworks nx-700
Arubanetworks vx-6000
Arubanetworks vx-5000
Arubanetworks vx-2000
Arubanetworks nx-10k
Arubanetworks nx-11k
Arubanetworks nx-2000
Arubanetworks vx-8000
Arubanetworks vx-1000

Information

Published : 2020-05-05 20:15

Updated : 2024-11-21 04:59


NVD link : CVE-2020-12143

Mitre link : CVE-2020-12143

CVE.ORG link : CVE-2020-12143


JSON object : View

Products Affected

silver-peak

  • vx-3000_firmware
  • nx-1000_firmware
  • nx-7000_firmware
  • nx-3000_firmware
  • vx-9000_firmware
  • vx-8000_firmware
  • unity_edgeconnect_for_azure
  • vx-7000_firmware
  • nx-6000_firmware
  • nx-5000_firmware
  • vx-500_firmware
  • vx-2000_firmware
  • unity_orchestrator
  • nx-11k_firmware
  • unity_edgeconnect_for_amazon_web_services
  • nx-700_firmware
  • nx-10k_firmware
  • nx-2000_firmware
  • nx-9000_firmware
  • vx-5000_firmware
  • unity_edgeconnect_for_google_cloud_platform
  • vx-1000_firmware
  • nx-8000_firmware
  • vx-6000_firmware

arubanetworks

  • nx-1000
  • nx-7000
  • vx-1000
  • vx-8000
  • vx-500
  • vx-7000
  • nx-8000
  • vx-6000
  • nx-6000
  • vx-9000
  • vx-5000
  • nx-700
  • vx-2000
  • vx-3000
  • nx-9000
  • nx-10k
  • nx-11k
  • nx-3000
  • nx-2000
  • nx-5000
CWE
CWE-295

Improper Certificate Validation