CVE-2020-12149

OS Command Injection - Management File Upload

Description

The configuration backup/restore function in Silver Peak Unity ECOSTM (ECOS) appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. This vulnerability can be exploited by an attacker with authenticated access to the Orchestrator UI or EdgeConnect UI. This affects all ECOS versions prior to: 8.1.9.15, 8.3.0.8, 8.3.1.2, 8.3.2.0, 9.0.2.0, and 9.1.0.0.

Remediation

Solution:

  • The backup/restore functions in the patched versions of ECOS software have been modified to only accept alphanumeric characters, along with the period, hyphen, and underscore characters. This change ensures that OS commands cannot be injected via filename.
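The following is an added illustration, not Silver Peak's code, of the pattern the description and remediation above refer to: an untrusted filename spliced into a shell command string, beside a hardened version that applies the same allowlist the patched versions use (letters, digits, period, hyphen, underscore) and then invokes the program with an argv list so no shell ever parses the name. The `tar` command and the `/var/backups` path are assumptions made for the example; the real ECOS command is not stated on the page.

```python
import re
import subprocess

# Allowlist matching the remediation described in the advisory: alphanumerics
# plus period, hyphen and underscore. Shell metacharacters (; | & $ ` ( ) etc.),
# whitespace and path separators are all rejected outright.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9._-]+$")


def is_safe_filename(name: str) -> bool:
    """Return True only if the name is non-empty and made solely of allowlisted characters."""
    return _SAFE_NAME.fullmatch(name) is not None


def vulnerable_command(filename: str) -> str:
    """The pattern the advisory describes: the user-controlled name is
    interpolated into a command string that is later handed to a shell.
    Returned as a string (not executed) so the injected payload is visible.
    The tar invocation and backup path are assumptions for this example."""
    return f"tar -czf /var/backups/{filename}.tgz /etc/config"


def hardened_command(filename: str) -> list:
    """Hardened equivalent: validate against the allowlist first, then build
    an argv list. Because the name cannot contain '/', it cannot escape the
    backup directory either."""
    if not is_safe_filename(filename):
        raise ValueError(f"rejected filename: {filename!r}")
    return ["tar", "-czf", f"/var/backups/{filename}.tgz", "/etc/config"]


def run_backup(filename: str) -> int:
    """Execute the hardened command without a shell (shell=False is the
    default for a list argv). Not called by the demonstration below."""
    return subprocess.run(hardened_command(filename), check=False).returncode


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate name, one carrying an injection.
    for name in ("backup-2020_03.cfg", "backup; id"):
        print("vulnerable:", vulnerable_command(name))
        try:
            print("hardened:  ", hardened_command(name))
        except ValueError as exc:
            print("hardened:  ", exc)
```

The key point is that the two defences are independent: the allowlist stops metacharacters reaching the command at all, and the argv list means that even a name that slipped through would be a single argument rather than shell syntax. The patched ECOS releases are described as doing the former; doing both is the usual recommendation.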

CVSS

Score: 6.8
Severity: Medium
EPSS: 0.37%
Vendor Advisory: silver-peak.com
Affected: Silver Peak Systems, Inc. ECOS

Frequently Asked Questions

What is the severity of CVE-2020-12149?
CVE-2020-12149 has been scored as a medium severity vulnerability.
How to fix CVE-2020-12149?
To fix CVE-2020-12149: The backup/restore functions in the patched versions of ECOS software have been modified to only accept alphanumeric characters, along with the period, hyphen, and underscore characters. This change ensures that OS commands cannot be injected via filename.
Is CVE-2020-12149 being actively exploited in the wild?
As of now, there is no information confirming that CVE-2020-12149 is being actively exploited. Its EPSS score puts the probability that it will be exploited by malicious actors in the next 30 days at about 0.4%.
What software or system is affected by CVE-2020-12149?
CVE-2020-12149 affects Silver Peak Systems, Inc. ECOS.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.