CVE-2020-12142

EUVD-2020-4457
1. IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requires administrative access and shell access to the EdgeConnect appliance. An admin user can access IPSec seed and nonce parameters using the CLI, REST APIs, and the Linux shell.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.8 MEDIUM
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N
Silver PeakCNA
4.8 MEDIUM
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
Affected Products (NVD)
VendorProductVersion
silver-peakunity_edgeconnect_for_amazon_web_services
-
silver-peakunity_edgeconnect_for_azure
-
silver-peakunity_edgeconnect_for_google_cloud_platform
-
silver-peakunity_orchestrator
𝑥
< 8.9.2
silver-peakvx-500_firmware
-
silver-peakvx-1000_firmware
-
silver-peakvx-2000_firmware
-
silver-peakvx-3000_firmware
-
silver-peakvx-5000_firmware
-
silver-peakvx-6000_firmware
-
silver-peakvx-7000_firmware
-
silver-peakvx-9000_firmware
-
silver-peakvx-8000_firmware
-
silver-peaknx-700_firmware
-
silver-peaknx-1000_firmware
-
silver-peaknx-2000_firmware
-
silver-peaknx-3000_firmware
-
silver-peaknx-5000_firmware
-
silver-peaknx-6000_firmware
-
silver-peaknx-7000_firmware
-
silver-peaknx-8000_firmware
-
silver-peaknx-9000_firmware
-
silver-peaknx-10k_firmware
-
silver-peaknx-11k_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_ipsec_udp_key_material-cve_2020_12142.pdf
https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_ipsec_udp_key_material-cve_2020_12142.pdf