Vulnerabilities > CVE-2019-16103 - Unspecified vulnerability in Silver-Peak Unity Edgeconnect Sd-Wan Firmware 8.1.4.965644

CVSS 9.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

silver-peak

critical

NVD

Published: 2019-09-08

Updated: 2020-08-24

Summary

Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows privilege escalation (by administrators) from the menu to a root Bash OS shell via the spsshell feature.

Vulnerable Configurations

Part	Description	Count
OS	Silver-Peak Silver Peak Unity Edgeconnect SD WAN Firmware 8.1.4.9_65644	1
Hardware	Silver-Peak Silver Peak Unity Edgeconnect SD WAN -	1

References

https://github.com/sdnewhop/sdwannewhope/blob/master/reports/Silverpeak%20EdgeConnect%20Multiple%20Vulnerabilities%20-%20032018.pdf