CVE-2020-12143
The certificate used to identify Orchestrator to EdgeConnect devices is not validated
The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator.
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H
Affected products
Silver Peak Systems, Inc. · 1. Unity EdgeConnect, NX, VX 2. Unity Orchestrator, 3. EdgeConnect in AWS, Azure, GCPWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →