CVSS: 6.0EPSS: 0%CPEs: 44EXPL: 0CVE-2020-12144 – The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated
https://notcve.org/view.php?id=CVE-2020-12144
The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. This makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted portal. El certificado usado para identificar el Silver Cloud Portal para dispositivos EdgeConnect no es validado. Esto hace posible que alguien establezca una conexión TLS desde EdgeConnect a un portal no confiable. • https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_portal-cve_2020_12144.pdf • CWE-295: Improper Certificate Validation •
CVSS: 6.0EPSS: 0%CPEs: 44EXPL: 0CVE-2020-12143 – The certificate used to identify Orchestrator to EdgeConnect devices is not validated
https://notcve.org/view.php?id=CVE-2020-12143
The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator. El certificado utilizado para identificar Orchestrator a los dispositivos EdgeConnect no está validado, lo que hace posible que alguien establezca una conexión TLS desde EdgeConnect a un Orchestrator no confiable. • https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_orchestrator-cve_2020_12143.pdf • CWE-295: Improper Certificate Validation •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-16099
https://notcve.org/view.php?id=CVE-2019-16099
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file. Silver Peak EdgeConnect SD-WAN en versiones anteriores a la 8.1.7.x permite CSRF mediante datos JSON a un archivo .swf. • https://github.com/sdnewhop/sdwannewhope/blob/master/reports/Silverpeak%20EdgeConnect%20Multiple%20Vulnerabilities%20-%20032018.pdf • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2019-16100
https://notcve.org/view.php?id=CVE-2019-16100
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to trigger a web-interface outage via slow client-side HTTP traffic from a single source. Silver Peak EdgeConnect SD-WAN en versiones anteriores a la 8.1.7.x permite a los atacantes remotos desencadenar una interrupción de la interfaz web mediante lento tráfico HTTP del lado del cliente desde una sola fuente. • https://github.com/sdnewhop/sdwannewhope/blob/master/reports/Silverpeak%20EdgeConnect%20Multiple%20Vulnerabilities%20-%20032018.pdf •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-16101
https://notcve.org/view.php?id=CVE-2019-16101
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to obtain potentially sensitive stack traces by sending incorrect JSON data to the REST API, such as the rest/json/banners URI. Silver Peak EdgeConnect SD-WAN en versiones anteriores a la 8.1.7.x permite a los atacantes remotos obtener trazas de pila potencialmente sensibles mediante el envío de datos JSON incorrectos a la API REST, como el URI rest/json/banners. • https://github.com/sdnewhop/sdwannewhope/blob/master/reports/Silverpeak%20EdgeConnect%20Multiple%20Vulnerabilities%20-%20032018.pdf • CWE-209: Generation of Error Message Containing Sensitive Information •