CVE-2020-12148: OS Command Injection - nslookup API
First published: Fri Dec 11 2020(Updated: )
A command injection flaw identified in the nslookup API in Silver Peak Unity ECOSTM (ECOS) appliance software could allow an attacker to execute arbitrary commands with the privileges of the web server running on the EdgeConnect appliance. An attacker could exploit this vulnerability to establish an interactive channel, effectively taking control of the target system. This vulnerability can be exploited by an attacker with authenticated access to the Orchestrator UI or EdgeConnect UI. This affects all ECOS versions prior to : 8.1.9.15, 8.3.0.8, 8.3.1.2, 8.3.2.0, 9.0.2.0, and 9.1.0.0.
Credit: sirt@silver-peak.com sirt@silver-peak.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Silver-peak Ecos | >=8.1<8.1.9.15 | |
| Silver-peak Ecos | >=8.3.0<8.3.0.8 | |
| Silver-peak Ecos | >=8.3.1<8.3.1.2 | |
| Silver-peak Ecos | >=9.0<9.0.2.0 | |
| Silver-peak Vx-1000 | ||
| Silver-peak Vx-2000 | ||
| Silver-peak Vx-3000 | ||
| Silver-peak Vx-500 | ||
| Silver-peak Vx-5000 | ||
| Silver-peak Vx-6000 | ||
| Silver-peak Vx-7000 | ||
| Silver-peak Vx-8000 | ||
| Silver-peak Vx-9000 | ||
| Silver-peak Nx-10700 | ||
| Silver-peak Nx-11700 | ||
| Silver-peak Nx-1700 | ||
| Silver-peak Nx-2700 | ||
| Silver-peak Nx-3700 | ||
| Silver-peak Nx-5700 | ||
| Silver-peak Nx-6700 | ||
| Silver-peak Nx-700 | ||
| Silver-peak Nx-7700 | ||
| Silver-peak Nx-8700 | ||
| Silver-peak Nx-9700 | ||
| Silver-peak Unity Edgeconnect | ||
| Arubanetworks Edgeconnect Enterprise | >=8.1<8.1.9.15 | |
| Arubanetworks Edgeconnect Enterprise | >=8.3.0<8.3.0.8 | |
| Arubanetworks Edgeconnect Enterprise | >=8.3.1<8.3.1.2 | |
| Arubanetworks Edgeconnect Enterprise | >=9.0<9.0.2.0 | |
| Arubanetworks Vx-1000 | ||
| Arubanetworks Vx-2000 | ||
| Arubanetworks Vx-3000 | ||
| Arubanetworks Vx-500 | ||
| Arubanetworks Vx-5000 | ||
| Arubanetworks Vx-6000 | ||
| Arubanetworks Vx-7000 | ||
| Arubanetworks Vx-8000 | ||
| Arubanetworks Vx-9000 | ||
| Arubanetworks Nx-10700 | ||
| Arubanetworks Nx-11700 | ||
| Arubanetworks Nx-1700 | ||
| Arubanetworks Nx-2700 | ||
| Arubanetworks Nx-3700 | ||
| Arubanetworks Nx-5700 | ||
| Arubanetworks Nx-6700 | ||
| Arubanetworks Nx-700 | ||
| Arubanetworks Nx-7700 | ||
| Arubanetworks Nx-8700 | ||
| Arubanetworks Nx-9700 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this command injection flaw?
The vulnerability ID for this command injection flaw is CVE-2020-12148.
What is the affected software?
The affected software is Silver Peak Unity ECOSTM (ECOS) appliance software.
What is the severity of CVE-2020-12148?
The severity of CVE-2020-12148 is high.
How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability by executing arbitrary commands with the privileges of the web server running on the EdgeConnect appliance.
Are there any available fixes for this vulnerability?
Please refer to the Silver Peak website for available fixes and patches.
- collector/nvd-index
- collector/nvd-api
- agent/weakness
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/last-modified-date
- agent/title
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- vendor/silver-peak
- canonical/silver-peak ecos
- version/silver-peak ecos/8.1
- version/silver-peak ecos/8.3.0
- version/silver-peak ecos/8.3.1
- version/silver-peak ecos/9.0
- canonical/silver-peak vx-1000
- canonical/silver-peak vx-2000
- canonical/silver-peak vx-3000
- canonical/silver-peak vx-500
- canonical/silver-peak vx-5000
- canonical/silver-peak vx-6000
- canonical/silver-peak vx-7000
- canonical/silver-peak vx-8000
- canonical/silver-peak vx-9000
- canonical/silver-peak nx-10700
- canonical/silver-peak nx-11700
- canonical/silver-peak nx-1700
- canonical/silver-peak nx-2700
- canonical/silver-peak nx-3700
- canonical/silver-peak nx-5700
- canonical/silver-peak nx-6700
- canonical/silver-peak nx-700
- canonical/silver-peak nx-7700
- canonical/silver-peak nx-8700
- canonical/silver-peak nx-9700
- canonical/silver-peak unity edgeconnect
- vendor/arubanetworks
- canonical/arubanetworks edgeconnect enterprise
- version/arubanetworks edgeconnect enterprise/8.1
- version/arubanetworks edgeconnect enterprise/8.3.0
- version/arubanetworks edgeconnect enterprise/8.3.1
- version/arubanetworks edgeconnect enterprise/9.0
- canonical/arubanetworks vx-1000
- canonical/arubanetworks vx-2000
- canonical/arubanetworks vx-3000
- canonical/arubanetworks vx-500
- canonical/arubanetworks vx-5000
- canonical/arubanetworks vx-6000
- canonical/arubanetworks vx-7000
- canonical/arubanetworks vx-8000
- canonical/arubanetworks vx-9000
- canonical/arubanetworks nx-10700
- canonical/arubanetworks nx-11700
- canonical/arubanetworks nx-1700
- canonical/arubanetworks nx-2700
- canonical/arubanetworks nx-3700
- canonical/arubanetworks nx-5700
- canonical/arubanetworks nx-6700
- canonical/arubanetworks nx-700
- canonical/arubanetworks nx-7700
- canonical/arubanetworks nx-8700
- canonical/arubanetworks nx-9700