The configuration backup/restore function in Silver Peak Unity ECOSTM (ECOS) appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. This vulnerability can be exploited by an attacker with authenticated access to the Orchestrator UI or EdgeConnect UI. This affects all ECOS versions prior to: 8.1.9.15, 8.3.0.8, 8.3.1.2, 8.3.2.0, 9.0.2.0, and 9.1.0.0.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Silver Peak
Published: 2020-12-11T15:23:32.991669Z
Updated: 2024-09-16T23:26:33.482Z
Reserved: 2020-04-24T00:00:00
Link: CVE-2020-12149
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-12-11T16:15:11.807
Modified: 2024-12-12T18:27:55.190
Link: CVE-2020-12149
Redhat
No data.