CVE-2020-12142
MEDIUM
Silver-peak Unity Edgeconnect For Ama... - Exposure to Wrong Actor
1. IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication.
2. The vulnerability requires administrative access and shell access to the EdgeConnect appliance. An admin user can access IPSec seed and nonce parameters using the CLI, REST APIs, and the Linux shell.
Scores
CVSS v3
4.8
EPSS
0.0022
EPSS Percentile
43.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N
Classification
CWE
CWE-668
Status
published
Affected Products (24)
silver-peak/unity_edgeconnect_for_amazon_web_services
silver-peak/unity_edgeconnect_for_azure
silver-peak/unity_edgeconnect_for_google_cloud_platform
silver-peak/unity_orchestrator
< 8.9.2
silver-peak/vx-500_firmware
silver-peak/vx-1000_firmware
silver-peak/vx-2000_firmware
silver-peak/vx-3000_firmware
silver-peak/vx-5000_firmware
silver-peak/vx-6000_firmware
silver-peak/vx-7000_firmware
silver-peak/vx-9000_firmware
silver-peak/vx-8000_firmware
silver-peak/nx-700_firmware
silver-peak/nx-1000_firmware
... and 9 more
Timeline
Published
May 05, 2020
Tracked Since
Feb 18, 2026