Vulnerabilities > Silver Peak

DATE CVE VULNERABILITY TITLE RISK
2020-11-05 CVE-2020-12147 Path Traversal vulnerability in Silver-Peak Unity Orchestrator
In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can make unauthorized MySQL queries against the Orchestrator database using the /sqlExecution REST API, which had been used for internal testing.
network
low complexity
silver-peak CWE-22
6.5
2020-11-05 CVE-2020-12146 Path Traversal vulnerability in Silver-Peak Unity Orchestrator
In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can access, modify, and delete restricted files on the Orchestrator server using the/debugFiles REST API.
network
low complexity
silver-peak CWE-22
6.5
2020-11-05 CVE-2020-12145 Improper Authentication vulnerability in Silver-Peak Unity Orchestrator
Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+ uses HTTP headers to authenticate REST API calls from localhost.
network
low complexity
silver-peak CWE-287
7.5
2020-05-05 CVE-2020-12144 Improper Certificate Validation vulnerability in Silver-Peak products
The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated.
network
low complexity
silver-peak CWE-295
4.9
2020-05-05 CVE-2020-12143 Improper Certificate Validation vulnerability in Silver-Peak products
The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator.
network
low complexity
silver-peak CWE-295
4.9
2020-05-05 CVE-2020-12142 Exposure of Resource to Wrong Sphere vulnerability in Silver-Peak products
1.
network
low complexity
silver-peak CWE-668
4.9
2019-09-08 CVE-2019-16105 Path Traversal vulnerability in Silver-Peak Unity Edgeconnect Sd-Wan Firmware 8.1.4.965644
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows ..%2f directory traversal via a rest/json/configdb/download/ URI.
network
low complexity
silver-peak CWE-22
4.0
2019-09-08 CVE-2019-16104 Cross-site Scripting vulnerability in Silver-Peak Unity Edgeconnect Sd-Wan Firmware 8.1.4.965644
Silver Peak EdgeConnect SD-WAN before 8.1.7.x has reflected XSS via the rest/json/configdb/download/ PATH_INFO.
4.3
2019-09-08 CVE-2019-16103 Unspecified vulnerability in Silver-Peak Unity Edgeconnect Sd-Wan Firmware 8.1.4.965644
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows privilege escalation (by administrators) from the menu to a root Bash OS shell via the spsshell feature.
network
low complexity
silver-peak
critical
9.0
2019-09-08 CVE-2019-16102 Insecure Default Initialization of Resource vulnerability in Silver-Peak Unity Edgeconnect Sd-Wan Firmware 8.1.4.965644
Silver Peak EdgeConnect SD-WAN before 8.1.7.x has an SNMP service with a public value for rocommunity and trapcommunity.
network
low complexity
silver-peak CWE-1188
7.5