high
8.5
CWE
78 77
Advisory Published
Updated

CVE-2020-12148: OS Command Injection - nslookup API

First published: Fri Dec 11 2020(Updated: )

A command injection flaw identified in the nslookup API in Silver Peak Unity ECOSTM (ECOS) appliance software could allow an attacker to execute arbitrary commands with the privileges of the web server running on the EdgeConnect appliance. An attacker could exploit this vulnerability to establish an interactive channel, effectively taking control of the target system. This vulnerability can be exploited by an attacker with authenticated access to the Orchestrator UI or EdgeConnect UI. This affects all ECOS versions prior to : 8.1.9.15, 8.3.0.8, 8.3.1.2, 8.3.2.0, 9.0.2.0, and 9.1.0.0.

Credit: sirt@silver-peak.com sirt@silver-peak.com

Affected SoftwareAffected VersionHow to fix
All of
Any of
Aruba Networks EdgeConnect Enterprise>=8.1<8.1.9.15
Aruba Networks EdgeConnect Enterprise>=8.3.0<8.3.0.8
Aruba Networks EdgeConnect Enterprise>=8.3.1<8.3.1.2
Aruba Networks EdgeConnect Enterprise>=9.0<9.0.2.0
Any of
Aruba Networks VX-1000
Aruba Networks VX-2000
Aruba Networks VX-3000
Aruba Networks VX-500
Aruba Networks VX-5000
Aruba Networks VX-6000
Aruba Networks VX-7000
Aruba Networks VX-8000
Aruba Networks VX 9000
Aruba Networks NX-10700
Aruba Networks NX-11700
Aruba Networks NX-1700
Aruba Networks NX-2700
Aruba Networks NX-3700
Aruba Networks NX-5700
Aruba Networks NX-6700
Aruba Networks NX-700
Aruba Networks NX-7700
Aruba Networks NX-8700
Aruba Networks NX-9700
Silver Peak ECOS>=8.1<8.1.9.15
Silver Peak ECOS>=8.3.0<8.3.0.8
Silver Peak ECOS>=8.3.1<8.3.1.2
Silver Peak ECOS>=9.0<9.0.2.0
Silver Peak VX-1000
Silver Peak VX-2000
Silver Peak VX-3000
Silver Peak VX-500
Silver Peak VX-5000
Silver Peak VX-6000
Silver Peak VX-7000
Silver Peak VX-8000
Silver Peak VX-9000
Silver Peak NX-10700
Silver Peak NX-11700
Silver Peak NX-1700
Silver Peak NX-2700
Silver Peak NX-3700
Silver Peak NX-5700
Silver Peak NX-6700
Silver Peak NX-700
Silver Peak NX-7700
Silver Peak NX-8700
silver-peak nx-9700
Silver Peak Unity EdgeConnect

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the vulnerability ID for this command injection flaw?

    The vulnerability ID for this command injection flaw is CVE-2020-12148.

  • What is the affected software?

    The affected software is Silver Peak Unity ECOSTM (ECOS) appliance software.

  • What is the severity of CVE-2020-12148?

    The severity of CVE-2020-12148 is high.

  • How can an attacker exploit this vulnerability?

    An attacker can exploit this vulnerability by executing arbitrary commands with the privileges of the web server running on the EdgeConnect appliance.

  • Are there any available fixes for this vulnerability?

    Please refer to the Silver Peak website for available fixes and patches.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203