CVE-2020-12142

MEDIUM

Silver Peak Unity Orchestrator <8.9.2 - Authenticated IPSec UDP Key Material Exposure via CLI and REST APIs

Title source: llm

Description

1. IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requires administrative access and shell access to the EdgeConnect appliance. An admin user can access IPSec seed and nonce parameters using the CLI, REST APIs, and the Linux shell.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_ipsec_udp_key_material-cve_2020_12142.pdf

Scores

CVSS v3 4.8

EPSS 0.0072

EPSS Percentile 49.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N

Details

CWE

CWE-668

Status published

Products (24)

silver-peak/nx-1000_firmware

silver-peak/nx-10k_firmware

silver-peak/nx-11k_firmware

silver-peak/nx-2000_firmware

silver-peak/nx-3000_firmware

silver-peak/nx-5000_firmware

silver-peak/nx-6000_firmware

silver-peak/nx-7000_firmware

silver-peak/nx-700_firmware

silver-peak/nx-8000_firmware

... and 14 more

Published May 05, 2020

Tracked Since Feb 18, 2026