CVE-2020-12149: OS Command Injection - Management File Upload
First published: Fri Dec 11 2020(Updated: )
The configuration backup/restore function in Silver Peak Unity ECOSTM (ECOS) appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. This vulnerability can be exploited by an attacker with authenticated access to the Orchestrator UI or EdgeConnect UI. This affects all ECOS versions prior to: 8.1.9.15, 8.3.0.8, 8.3.1.2, 8.3.2.0, 9.0.2.0, and 9.1.0.0.
Credit: sirt@silver-peak.com sirt@silver-peak.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Silver-peak Ecos | >=8.1<8.1.9.15 | |
| Silver-peak Ecos | >=8.3.0<8.3.0.8 | |
| Silver-peak Ecos | >=8.3.1<8.3.1.2 | |
| Silver-peak Ecos | >=9.0<9.0.2.0 | |
| Silver-peak Vx-1000 | ||
| Silver-peak Vx-2000 | ||
| Silver-peak Vx-3000 | ||
| Silver-peak Vx-500 | ||
| Silver-peak Vx-5000 | ||
| Silver-peak Vx-6000 | ||
| Silver-peak Vx-7000 | ||
| Silver-peak Vx-8000 | ||
| Silver-peak Vx-9000 | ||
| Silver-peak Nx-10700 | ||
| Silver-peak Nx-11700 | ||
| Silver-peak Nx-1700 | ||
| Silver-peak Nx-2700 | ||
| Silver-peak Nx-3700 | ||
| Silver-peak Nx-5700 | ||
| Silver-peak Nx-6700 | ||
| Silver-peak Nx-700 | ||
| Silver-peak Nx-7700 | ||
| Silver-peak Nx-8700 | ||
| Silver-peak Nx-9700 | ||
| Silver-peak Unity Edgeconnect | ||
| All of | ||
| Any of | ||
| Arubanetworks Edgeconnect Enterprise | >=8.1<8.1.9.15 | |
| Arubanetworks Edgeconnect Enterprise | >=8.3.0<8.3.0.8 | |
| Arubanetworks Edgeconnect Enterprise | >=8.3.1<8.3.1.2 | |
| Arubanetworks Edgeconnect Enterprise | >=9.0<9.0.2.0 | |
| Any of | ||
| Arubanetworks Vx-1000 | ||
| Arubanetworks Vx-2000 | ||
| Arubanetworks Vx-3000 | ||
| Arubanetworks Vx-500 | ||
| Arubanetworks Vx-5000 | ||
| Arubanetworks Vx-6000 | ||
| Arubanetworks Vx-7000 | ||
| Arubanetworks Vx-8000 | ||
| Arubanetworks Vx-9000 | ||
| Arubanetworks Nx-10700 | ||
| Arubanetworks Nx-11700 | ||
| Arubanetworks Nx-1700 | ||
| Arubanetworks Nx-2700 | ||
| Arubanetworks Nx-3700 | ||
| Arubanetworks Nx-5700 | ||
| Arubanetworks Nx-6700 | ||
| Arubanetworks Nx-700 | ||
| Arubanetworks Nx-7700 | ||
| Arubanetworks Nx-8700 | ||
| Arubanetworks Nx-9700 | ||
| Silver-peak Unity Edgeconnect |
Remedy
The backup/restore functions in the patched versions of ECOS software have been modified to only accept alphanumeric characters, along with the period, hyphen, and underscore characters. This change ensures that OS commands cannot be injected via filename.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-12149?
CVE-2020-12149 is a vulnerability in Silver Peak Unity ECOSTM (ECOS) appliance software that allows an attacker to manipulate shell commands.
Which version of Silver Peak ECOS software is affected by CVE-2020-12149?
Versions 8.1 to 9.0.2.0 of Silver Peak ECOS software are affected by CVE-2020-12149.
What is the severity level of CVE-2020-12149?
CVE-2020-12149 has a severity level of 6.8, which is considered high.
How can an attacker exploit CVE-2020-12149?
An attacker can exploit CVE-2020-12149 by injecting valid OS command input.
Where can I find more information about CVE-2020-12149?
You can find more information about CVE-2020-12149 in the Silver Peak support documentation and security advisories.
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- agent/weakness
- agent/severity
- agent/remedy
- agent/references
- agent/title
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/silver-peak
- canonical/silver-peak ecos
- version/silver-peak ecos/8.1
- version/silver-peak ecos/8.3.0
- version/silver-peak ecos/8.3.1
- version/silver-peak ecos/9.0
- canonical/silver-peak vx-1000
- canonical/silver-peak vx-2000
- canonical/silver-peak vx-3000
- canonical/silver-peak vx-500
- canonical/silver-peak vx-5000
- canonical/silver-peak vx-6000
- canonical/silver-peak vx-7000
- canonical/silver-peak vx-8000
- canonical/silver-peak vx-9000
- canonical/silver-peak nx-10700
- canonical/silver-peak nx-11700
- canonical/silver-peak nx-1700
- canonical/silver-peak nx-2700
- canonical/silver-peak nx-3700
- canonical/silver-peak nx-5700
- canonical/silver-peak nx-6700
- canonical/silver-peak nx-700
- canonical/silver-peak nx-7700
- canonical/silver-peak nx-8700
- canonical/silver-peak nx-9700
- canonical/silver-peak unity edgeconnect
- vendor/arubanetworks
- canonical/arubanetworks edgeconnect enterprise
- version/arubanetworks edgeconnect enterprise/8.1
- version/arubanetworks edgeconnect enterprise/8.3.0
- version/arubanetworks edgeconnect enterprise/8.3.1
- version/arubanetworks edgeconnect enterprise/9.0
- canonical/arubanetworks vx-1000
- canonical/arubanetworks vx-2000
- canonical/arubanetworks vx-3000
- canonical/arubanetworks vx-500
- canonical/arubanetworks vx-5000
- canonical/arubanetworks vx-6000
- canonical/arubanetworks vx-7000
- canonical/arubanetworks vx-8000
- canonical/arubanetworks vx-9000
- canonical/arubanetworks nx-10700
- canonical/arubanetworks nx-11700
- canonical/arubanetworks nx-1700
- canonical/arubanetworks nx-2700
- canonical/arubanetworks nx-3700
- canonical/arubanetworks nx-5700
- canonical/arubanetworks nx-6700
- canonical/arubanetworks nx-700
- canonical/arubanetworks nx-7700
- canonical/arubanetworks nx-8700
- canonical/arubanetworks nx-9700