CVE-2020-12143

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2020-12143
The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator.

4.9 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

4.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_orchestrator-cve_2020_12143.pdf Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:silver-peak:unity_edgeconnect_for_amazon_web_services:-:*:*:*:*:*:*:*
cpe:2.3:a:silver-peak:unity_edgeconnect_for_azure:-:*:*:*:*:*:*:*
cpe:2.3:a:silver-peak:unity_edgeconnect_for_google_cloud_platform:-:*:*:*:*:*:*:*
cpe:2.3:a:silver-peak:unity_orchestrator:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:silver-peak:vx-500_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:vx-500:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:silver-peak:vx-1000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:vx-1000:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:silver-peak:vx-2000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:vx-2000:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:silver-peak:vx-3000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:vx-3000:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:silver-peak:vx-5000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:vx-5000:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:silver-peak:vx-6000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:vx-6000:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:silver-peak:vx-7000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:vx-7000:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:silver-peak:vx-9000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:vx-9000:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:silver-peak:vx-8000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:vx-8000:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:silver-peak:nx-700_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-700:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:silver-peak:nx-1000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-1000:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:silver-peak:nx-2000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-2000:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:silver-peak:nx-3000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-3000:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:silver-peak:nx-5000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-5000:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:silver-peak:nx-6000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-6000:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:silver-peak:nx-7000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-7000:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:silver-peak:nx-8000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-8000:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:silver-peak:nx-9000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-9000:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:silver-peak:nx-10k_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-10k:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:silver-peak:nx-11k_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-11k:-:*:*:*:*:*:*:*
History

07 Nov 2023, 21:16

Type Values Removed Values Added
CPE cpe:2.3:h:silver-peak:nx-3000:-:*:*:*:*:*:*:*
cpe:2.3:h:silver-peak:vx-3000:-:*:*:*:*:*:*:*
cpe:2.3:h:silver-peak:nx-1000:-:*:*:*:*:*:*:*
cpe:2.3:h:silver-peak:nx-9000:-:*:*:*:*:*:*:*
cpe:2.3:h:silver-peak:vx-2000:-:*:*:*:*:*:*:*
cpe:2.3:h:silver-peak:vx-9000:-:*:*:*:*:*:*:*
cpe:2.3:h:silver-peak:vx-8000:-:*:*:*:*:*:*:*
cpe:2.3:h:silver-peak:nx-700:-:*:*:*:*:*:*:*
cpe:2.3:h:silver-peak:vx-500:-:*:*:*:*:*:*:*
cpe:2.3:h:silver-peak:nx-6000:-:*:*:*:*:*:*:*
cpe:2.3:h:silver-peak:vx-6000:-:*:*:*:*:*:*:*
cpe:2.3:h:silver-peak:nx-2000:-:*:*:*:*:*:*:*
cpe:2.3:h:silver-peak:vx-1000:-:*:*:*:*:*:*:*
cpe:2.3:h:silver-peak:nx-5000:-:*:*:*:*:*:*:*
cpe:2.3:h:silver-peak:nx-7000:-:*:*:*:*:*:*:*
cpe:2.3:h:silver-peak:nx-11k:-:*:*:*:*:*:*:*
cpe:2.3:h:silver-peak:nx-8000:-:*:*:*:*:*:*:*
cpe:2.3:h:silver-peak:vx-5000:-:*:*:*:*:*:*:*
cpe:2.3:h:silver-peak:nx-10k:-:*:*:*:*:*:*:*
cpe:2.3:h:silver-peak:vx-7000:-:*:*:*:*:*:*:*		 cpe:2.3:h:arubanetworks:vx-9000:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-8000:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:vx-7000:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:vx-5000:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:vx-1000:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-6000:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-3000:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-9000:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-1000:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-10k:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-7000:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:vx-3000:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:vx-6000:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:vx-500:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:vx-8000:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-5000:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:vx-2000:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-2000:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-11k:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:nx-700:-:*:*:*:*:*:*:*
First Time Arubanetworks nx-6000
Arubanetworks vx-3000
Arubanetworks nx-7000
Arubanetworks nx-5000
Arubanetworks nx-9000
Arubanetworks
Arubanetworks vx-9000
Arubanetworks nx-8000
Arubanetworks vx-7000
Arubanetworks nx-3000
Arubanetworks vx-500
Arubanetworks nx-1000
Arubanetworks nx-700
Arubanetworks vx-6000
Arubanetworks vx-5000
Arubanetworks vx-2000
Arubanetworks nx-10k
Arubanetworks nx-11k
Arubanetworks nx-2000
Arubanetworks vx-8000
Arubanetworks vx-1000
Information

Published : 2020-05-05 20:15

Updated : 2024-02-28 17:47

NVD link : CVE-2020-12143

Mitre link : CVE-2020-12143

CVE.ORG link : CVE-2020-12143

JSON object : View

Products Affected

silver-peak

  • vx-8000_firmware
  • vx-5000_firmware
  • nx-700_firmware
  • nx-11k_firmware
  • unity_edgeconnect_for_azure
  • unity_edgeconnect_for_amazon_web_services
  • nx-10k_firmware
  • vx-9000_firmware
  • vx-6000_firmware
  • nx-7000_firmware
  • nx-3000_firmware
  • vx-500_firmware
  • vx-2000_firmware
  • unity_orchestrator
  • unity_edgeconnect_for_google_cloud_platform
  • nx-6000_firmware
  • vx-1000_firmware
  • nx-9000_firmware
  • nx-5000_firmware
  • nx-8000_firmware
  • vx-3000_firmware
  • nx-2000_firmware
  • vx-7000_firmware
  • nx-1000_firmware

arubanetworks

  • nx-10k
  • nx-700
  • vx-8000
  • nx-5000
  • nx-8000
  • vx-3000
  • nx-7000
  • vx-5000
  • vx-7000
  • vx-9000
  • nx-6000
  • nx-11k
  • nx-2000
  • vx-1000
  • vx-2000
  • vx-6000
  • vx-500
  • nx-1000
  • nx-9000
  • nx-3000
CWE
CWE-295

Improper Certificate Validation