Security Advisories

  • User Documentation

Security Advisories

  • >> User Documentation
    >> Tech Tips
    >> Technical White Papers
    >> Return to Main Page

    Security Advisory RSS

    Security Advisory RSSSecurity RSS link

    Report a Vulnerability

    If you have information about a security issue or vulnerability with a Silver Peak product or technology, please send an e-mail to sirt@silver-peak.com. Encrypt sensitive information using our PGP public key
    Please provide as much information as possible, including:

    • The products and versions affected

    • Detailed description of the vulnerability

    • Information on known exploits

    A member of the Silver Peak Product Security Team will review your e-mail and contact you to collaborate on resolving the issue.

    Contact Support

    North America (USA/CAN)

    T: +1 877 210 7325

    Australia

    T: 1800 859 651

    France

    T: 0800-913757

    Hong Kong

    T: 800-901193

    India

    T: 000-800-9190024

    United Kingdom

    T: 0-8000969372

    Global

    T: +1 408 935 1850

    • IPSec UDP key material can be retrieved from EdgeConnect by admin

      CVE-2020-12142 submitted on May 4, 2020 by Silver Peak Systems, Inc.

      » Download
    • Certificate used to identify Cloud Portal is not validated

      CVE-2020-12144 submitted on May 4, 2020 by Silver Peak Systems, Inc.

      » Download
    • Certificate used to identify Orchestrator is not validated

      CVE-2020-12143 submitted on May 4, 2020 by Silver Peak Systems, Inc.

      » Download
    • EdgeConnect Web UI Prior to 8.1.7.x Allows CSRF via JSON

      CVE-2019-16099, originally published by the SD-WAN “new hope” team on Sep 8, 2019

      » Download
    • EdgeConnect Web UI Prior to 8.1.7.x Susceptible to Slow HTTP DoS Attacks

      CVE-2019-16100 originally published by the SD-WAN “new hope” team on Sep 8, 2019

      » Download
    • Unauthenticated User Can Access Information via Stack Traces

      CVE-2019-16101 originally published by the SD-WAN “new hope” team on Sep 8, 2019

      » Download
    • SNMP Service in EdgeConnect Prior to 8.1.7.x has Public Community Value

      CVE-2019-16102 originally published by the SD-WAN “new hope” team on Sep 8, 2019

      » Download
    • Privilege Escalation in EdgeConnect Prior to 8.1.7.x

      CVE-2019-16103 originally published by the SD-WAN “new hope” team on Sep 8, 2019

      » Download
    • EdgeConnect Web UI Susceptible to XSS and Directory Traversal Attacks

      CVE-2019-16104 and CVE-2019-16105 originally published by the SD-WAN “new hope” team on Sep 8, 2019

      » Download
    • TCP SACK Panic and other remote denial of service vulnerabilities

      NFLX-2019-001 originally published by Netflix on June 17, 2019

      » Download
    • Silver Peak Microarchitectural Data Sampling (MDS) vulnerabilities

      INTEL-SA-00233 originally published by Intel on May 14, 2019

      » Download
    • Authentication bypass in server mode-CVE-2018-10933

      Published by libssh on October 19, 2018

      » Download
    • L1 Terminal Fault - INTEL-SA-00161

      Published by Intel on August 14, 2018

      » Download
    • The Dangers of Key Reuse: Practical Attacks on IPsec IKE

      Published at the Usenix Symposium on August 15, 2018

      » Download
    • Meltdown and Spectre Vulnerabilities

      VU#584653 originally published by CERT on January 3, 2018

      » Download
    • Return of Bleichenbacher's Oracle Threat (ROBOT Attack) -- A TLS Vulnerability

      VU#144389 originally published by CERT on December 12, 2017

      » Download
    • Intel Q3’17 ME 11.x, SPS 4.0, and TXE 3.0 Security Review Cumulative Update, Escalation of Privilege

      INTEL-SA-00086 published by Intel on November 20, 2017

       

      » Download
    • DOS Security Vulnerability, Published by node.js on October 24, 2017

      CVE-2017-14919

      » Download
    • INTEL-SA-00075, CVE-2017-5689 published by Intel on May 1, 2017
      » Download
    • Dirty COW Vulnerability, Published by dirtycow.ninja on October 21, 2016

      CVE-2016-5195

      » Download
    • OCSP Status Request extension unbounded memory growth, Published by OpenSSL on 9/22/2016

      CVE-2016-6304

      Paired with:

      CVE-2016-6309, Fix Use Free for large message sizes

      » Download
    • Multiple OpenSSL Vulnerabilities

      CVE-2016-2108, CVE-2016-2107

      » Download
    • Drown attack vulnerability, Published by NIST on 03/01/2016

      CVE-2016-0800

      » Download
    • glibc getaddrinfo stack-based buffer overflow, Published by NIST on 02/18/2016

      CVE-2015-7547

      » Download
    • RC4 algorithm vulnerability to ‘plain-text recovery’ attacks as used in TLS/SSL, Published by NIST on 03/15/2013

      CVE-2013-2566

      » Download
    • RFC 5469 Compliance
      » Download
    • Cross-Site Scripting (XSS) Vulnerability, Published by NIST on 07/28/14

      CVE-2014-2975

      » Download
    • Cross-Site Reflect Forgery (CSRF) Vulnerability through hardcoded account, Published by NIST on 07/28/2014

      CVE-2014-2974

      » Download
    • Shell Upload Vulnerability, Published by seclists.org on 09/09/2015
      » Download
    • Command Injection Vulnerability, Published by seclists.org on 09/09/2015
      » Download
    • Unauthenticated File Read Vulnerability, Published by seclists.org on 09/09/2015
      » Download
    • Mass Assignment Vulnerability, Published by seclists.org on 09/09/2015
      » Download
    • OpenSSH Keyboard-Interactive Authentication Brute Force Vulnerability, Published by NIST on 08-02-2015

      CVE-2015-5600

      » Download
    • Logjam Vulnerability, Published by NIST on 05-20-2015

      CVE-2015-4000

      » Download
    • GHOST Vulnerability, Published by NIST on 01-28-2015

      glibc:__nss_hostname_digits_dots() heap-based buffer overflow

      CVE-2015-0235

      » Download
    • libpng Exploit Vulnerability, Published by NIST on 02-27-2014

      CVE-2014-0333

      » Download
    • SSL 3.0 Vulnerability, a.k.a. "Poodle", Published by NIST on 10-16-2014

      CVE-2014-3566, CVE-2014-3568

      » Download
    • GNU Bash Vulnerability, a.k.a. "Shellshock", Published by NIST on 09-24-2014

      CVE-2014-7169, CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7186, CVE-2014-7187

      » Download
    • Open SSL Vulnerability, a.k.a. "Heartbleed Bug", Published on 04-09-2014

      CVE-2014-0160

      » Download
    • Multiple Open SSL Vulnerabilities, Published by OpenSSL.org on 10-15-2014

      CVE-2014-3513, CVE-2014-3567

      » Download