What is CVE-2020-12144?

CVE-2020-12144 is a vulnerability in the Silver Peak Cloud Portal that allows an attacker to establish a TLS connection from EdgeConnect to an untrusted portal due to an unvalidated certificate.

Which Silver Peak products are affected by CVE-2020-12144?

Silver-peak Unity Edgeconnect for Amazon Web Services, Silver-peak Unity Edgeconnect for Azure, Silver-peak Unity Edgeconnect for Google Cloud Platform, and Silver-peak Unity Orchestrator version up to 8.9.2 are affected by CVE-2020-12144.

What is the severity of CVE-2020-12144?

The severity of CVE-2020-12144 is medium, with a severity value of 4.9.

How can I fix CVE-2020-12144?

To fix CVE-2020-12144, it is recommended to apply the necessary updates or patches provided by Silver Peak.

Where can I find more information about CVE-2020-12144?

You can find more information about CVE-2020-12144 at the following reference: https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_portal-cve_2020_12144.pdf

Vulnerability/
CVE-2020-12144

medium

CWE

295

5/5/2020

4/8/2024

CVE-2020-12144: The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated

First published: Tue May 05 2020(Updated: )

The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. This makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted portal.

Credit: sirt@silver-peak.com sirt@silver-peak.com

Affected Software	Affected Version	How to fix
Silver-peak Unity Edgeconnect For Amazon Web Services
Silver-peak Unity Edgeconnect For Azure
Silver-peak Unity Edgeconnect For Google Cloud Platform
Silver-peak Unity Orchestrator	<8.9.2
Silver-peak Vx-500 Firmware
Silver-peak Vx-500
Silver-peak Vx-1000 Firmware
Silver-peak Vx-1000
Silver-peak Vx-2000 Firmware
Silver-peak Vx-2000
Silver-peak Vx-3000 Firmware
Silver-peak Vx-3000
Silver-peak Vx-5000 Firmware
Silver-peak Vx-5000
Silver-peak Vx-6000 Firmware
Silver-peak Vx-6000
Silver-peak Vx-7000 Firmware
Silver-peak Vx-7000
Silver-peak Vx-9000 Firmware
Silver-peak Vx-9000
Silver-peak Vx-8000 Firmware
Silver-peak Vx-8000
Silver-peak Nx-700 Firmware
Silver-peak Nx-700
Silver-peak Nx-1000 Firmware
Silver-peak Nx-1000
Silver-peak Nx-2000 Firmware
Silver-peak Nx-2000
Silver-peak Nx-3000 Firmware
Silver-peak Nx-3000
Silver-peak Nx-5000 Firmware
Silver-peak Nx-5000
Silver-peak Nx-6000 Firmware
Silver-peak Nx-6000
Silver-peak Nx-7000 Firmware
Silver-peak Nx-7000
Silver-peak Nx-8000 Firmware
Silver-peak Nx-8000
Silver-peak Nx-9000 Firmware
Silver-peak Nx-9000
Silver-peak Nx-10k Firmware
Silver-peak Nx-10k
Silver-peak Nx-11k Firmware
Silver-peak Nx-11k
Arubanetworks Vx-500
Arubanetworks Vx-1000
Arubanetworks Vx-2000
Arubanetworks Vx-3000
Arubanetworks Vx-5000
Arubanetworks Vx-6000
Arubanetworks Vx-7000
Arubanetworks Vx-9000
Arubanetworks Vx-8000
Arubanetworks Nx-700
Arubanetworks Nx-1000
Arubanetworks Nx-2000
Arubanetworks Nx-3000
Arubanetworks Nx-5000
Arubanetworks Nx-6000
Arubanetworks Nx-7000
Arubanetworks Nx-8000
Arubanetworks Nx-9000
Arubanetworks Nx-10k
Arubanetworks Nx-11k

Remedy

Resolution • Changes have been made to strengthen the initial exchange between the EdgeConnect appliance and the Cloud Portal. After the changes, EdgeConnect will validate the certificate used to identify the Silver Peak Cloud Portal to EdgeConnect. • TLS itself is continually subject to newly discovered and exploitable vulnerabilities. As such, all versions of EdgeConnect software implement additional out-of-band and user-controlled authentication mechanisms. Any required configuration • Do not change Cloud Portal’s IP address as discovered by the EdgeConnect appliance. • Upgrade to Silver Peak Unity ECOS™ 8.3.2+ or 8.1.9.12+ and Silver Peak Unity Orchestrator™ 8.9.2+. • In Orchestrator, enable the “Verify Portal Certificate” option under Advanced Security Settings.

Remedy

The full details of the CVE can be found at https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_portal_cve_2020_12144.pdf

Never miss a vulnerability like this again

Reference Links

https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_portal-cve_2020_12144.pdf

Frequently Asked Questions

What is CVE-2020-12144?
CVE-2020-12144 is a vulnerability in the Silver Peak Cloud Portal that allows an attacker to establish a TLS connection from EdgeConnect to an untrusted portal due to an unvalidated certificate.
Which Silver Peak products are affected by CVE-2020-12144?
Silver-peak Unity Edgeconnect for Amazon Web Services, Silver-peak Unity Edgeconnect for Azure, Silver-peak Unity Edgeconnect for Google Cloud Platform, and Silver-peak Unity Orchestrator version up to 8.9.2 are affected by CVE-2020-12144.
What is the severity of CVE-2020-12144?
The severity of CVE-2020-12144 is medium, with a severity value of 4.9.
How can I fix CVE-2020-12144?
To fix CVE-2020-12144, it is recommended to apply the necessary updates or patches provided by Silver Peak.
Where can I find more information about CVE-2020-12144?
You can find more information about CVE-2020-12144 at the following reference: https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_portal-cve_2020_12144.pdf

CVE-2020-12144: The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-12144?

Which Silver Peak products are affected by CVE-2020-12144?

What is the severity of CVE-2020-12144?

How can I fix CVE-2020-12144?

Where can I find more information about CVE-2020-12144?

Company

Resources

Contact