A command injection flaw identified in the nslookup API in Silver Peak Unity ECOSTM (ECOS) appliance software could allow an attacker to execute arbitrary commands with the privileges of the web server running on the EdgeConnect appliance. An attacker could exploit this vulnerability to establish an interactive channel, effectively taking control of the target system. This vulnerability can be exploited by an attacker with authenticated access to the Orchestrator UI or EdgeConnect UI. This affects all ECOS versions prior to : 8.1.9.15, 8.3.0.8, 8.3.1.2, 8.3.2.0, 9.0.2.0, and 9.1.0.0.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Silver Peak
Published: 2020-12-11T15:24:23.056324Z
Updated: 2024-09-16T23:05:48.430Z
Reserved: 2020-04-24T00:00:00
Link: CVE-2020-12148
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-12-11T16:15:11.697
Modified: 2024-12-12T18:19:50.530
Link: CVE-2020-12148
Redhat
No data.