Vulnerability CVE-2020-12142


Published: 2020-05-05

Description:
1. IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication.
2. The vulnerability requires administrative access and shell access to the EdgeConnect appliance. An admin user can access IPSec seed and nonce parameters using the CLI, REST APIs, and the Linux shell.

Type:
CWE-668 (Exposure of Resource to Wrong Sphere)

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:N/A:N)

CVSS Base Score: 4/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8/10

Exploit range: Remote
Attack complexity: Low
Authentication: Single time

Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Affected software:
Silver-peak -> Unity edgeconnect for amazon web services 
Silver-peak -> Unity edgeconnect for azure 
Silver-peak -> Unity edgeconnect for google cloud platform 
Silver-peak -> Unity orchestrator 

 References:
https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_ipsec_udp_key_material-cve_2020_12142.pdf

Copyright 2024, cxsecurity.com

 
