CVE: Common Vulnerabilities and Exposures

alert

Notice: Keyword searching of CVE Records is now available in the search box above. Keywords may include a CVE ID (e.g., CVE-2024-1234), or one or more keywords separated by a space (e.g., authorization, SQL Injection, cross site scripting, etc.). Learn more here.

alert

Notice: Keyword searching of CVE Records is now available in the search box above. Keywords may include a CVE ID (e.g., CVE-2024-1234), or one or more keywords separated by a space (e.g., authorization, SQL Injection, cross site scripting, etc.). Learn more here.

Expand or collapse notification button

Required CVE Record Information

Description

The configuration backup/restore function in Silver Peak Unity ECOSTM (ECOS) appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. This vulnerability can be exploited by an attacker with authenticated access to the Orchestrator UI or EdgeConnect UI. This affects all ECOS versions prior to: 8.1.9.15, 8.3.0.8, 8.3.1.2, 8.3.2.0, 9.0.2.0, and 9.1.0.0.

CWE 2 Total

CVSS 1 Total

Product Status

Versions 6 Total

Default Status: unknown

affected

Credits

This vulnerability was reported to Silver Peak by Alexander Smye and Jonathan Letham from the security team at NCC Group.

References 1 Total

https://www.silver-peak.com/support/user-documentation/security-advisories
external site

Updated: 2024-08-04

This container includes required additional information provided by the CVE Program for this vulnerability.

References 1 Total

https://www.silver-peak.com/support/user-documentation/security-advisories
external site
x_transferred