Technical Advisory: OS Command Injection in Silver Peak EdgeConnect Appliances (CVE-2020-12148, CVE-2020-12149)

Vendor: Silver Peak
Vendor URL: https://www.silver-peak.com
Versions affected: All EdgeConnect OS versions prior to 8.1.9.15, 8.3.0.8, 8.3.1.2, 8.3.2.0, 9.0.2.0, and 9.1.0.0.
Systems Affected: Unity EdgeConnect Appliance & Orchestrator
CVE Identifier: CVE-2020-12148 (nslookup API), CVE-2020-12148 (Management File Upload)
Advisory URL: https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_command_injection_mgmt_file_upload_cve_2020_12149-1.pdf, https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_command_injection_via_api_cve_2020_12148-1.pdf
Risk: Medium – 6.8 (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H) (nsLookup API)
Risk: Medium – 6.8 (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H) (Management file …