Security Advisories
Report a Vulnerability
If you have information about a security issue or vulnerability with a Silver Peak product or technology, please send an e-mail to sirt@silver-peak.com. Encrypt sensitive information using our PGP public key.
Please provide as much information as possible, including:
The products and versions affected
Detailed description of the vulnerability
Information on known exploits
A member of the Silver Peak Product Security Team will review your e-mail and contact you to collaborate on resolving the issue.
Contact Support
North America (USA/CAN)
T: +1 877 210 7325
Australia
T: 1800 859 651
France
T: 0800-913757
Hong Kong
T: 800-901193
India
T: 000-800-9190024
United Kingdom
T: 0-8000969372
Global
T: +1 408 935 1850
-
OpenSSL Security Advisory, EDIPartyName Vulnerability
CVE-2020-1971 originally published by OpenSSL Software Foundation on December 8, 2020
-
OS Command Injection - Management File Upload
CVE-2020-12149 submitted on December 11, 2020 by Silver Peak Systems, Inc.
-
OS Command Injection - nslookup API
CVE-2020-12148 submitted on December 11, 2020 by Silver Peak Systems, Inc.
-
Possible to Subvert Orchestrator Authentication
CVE-2020-12145 submitted on October 30, 2020 by Silver Peak Systems, Inc.
-
Path Traversal Vulnerability in Orchestrator
CVE-2020-12146 submitted on October 30, 2020 by Silver Peak Systems, Inc.
-
Unauthorized Database Queries in Orchestrator
CVE-2020-12147 submitted on October 30, 2020 by Silver Peak Systems, Inc.
-
OpenSSL Security Advisory, Raccoon Attack
CVE-2020-1968 originally published by OpenSSL Software Foundation on September 9, 2020
-
IPSec UDP key material can be retrieved from EdgeConnect by admin
CVE-2020-12142 submitted on May 4, 2020 by Silver Peak Systems, Inc.
-
Certificate used to identify Cloud Portal is not validated
CVE-2020-12144 submitted on May 4, 2020 by Silver Peak Systems, Inc.
-
Certificate used to identify Orchestrator is not validated
CVE-2020-12143 submitted on May 4, 2020 by Silver Peak Systems, Inc.
-
EdgeConnect Web UI Prior to 8.1.7.x Allows CSRF via JSON
CVE-2019-16099, originally published by the SD-WAN “new hope” team on Sep 8, 2019
-
EdgeConnect Web UI Susceptible to XSS and Directory Traversal Attacks
CVE-2019-16104 and CVE-2019-16105 originally published by the SD-WAN “new hope” team on Sep 8, 2019
-
EdgeConnect Web UI Prior to 8.1.7.x Susceptible to Slow HTTP DoS Attacks
CVE-2019-16100 originally published by the SD-WAN “new hope” team on Sep 8, 2019
-
Unauthenticated User Can Access Information via Stack Traces
CVE-2019-16101 originally published by the SD-WAN “new hope” team on Sep 8, 2019
-
SNMP Service in EdgeConnect Prior to 8.1.7.x has Public Community Value
CVE-2019-16102 originally published by the SD-WAN “new hope” team on Sep 8, 2019
-
Privilege Escalation in EdgeConnect Prior to 8.1.7.x
CVE-2019-16103 originally published by the SD-WAN “new hope” team on Sep 8, 2019
-
TCP SACK Panic and other remote denial of service vulnerabilities
NFLX-2019-001 originally published by Netflix on June 17, 2019
-
Silver Peak Microarchitectural Data Sampling (MDS) vulnerabilities
INTEL-SA-00233 originally published by Intel on May 14, 2019
-
Authentication bypass in server mode - CVE-2018-10933
Published by libssh on October 19, 2018
-
L1 Terminal Fault - INTEL-SA-00161
Published by Intel on August 14, 2018
-
The Dangers of Key Reuse: Practical Attacks on IPsec IKE
Published at the Usenix Symposium on August 15, 2018
-
Meltdown and Spectre Vulnerabilities
VU#584653 originally published by CERT on January 3, 2018
-
Return of Bleichenbacher's Oracle Threat (ROBOT Attack) -- A TLS Vulnerability
VU#144389 originally published by CERT on December 12, 2017
-
Intel Q3’17 ME 11.x, SPS 4.0, and TXE 3.0 Security Review Cumulative Update, Escalation of Privilege
INTEL-SA-00086 published by Intel on November 20, 2017
-
DOS Security Vulnerability, Published by node.js on October 24, 2017
CVE-2017-14919
-
INTEL-SA-00075, CVE-2017-5689 published by Intel on May 1, 2017
-
Dirty COW Vulnerability, Published by dirtycow.ninja on October 21, 2016
CVE-2016-5195
-
OCSP Status Request extension unbounded memory growth, Published by OpenSSL on 9/22/2016
CVE-2016-6304
Paired with:
CVE-2016-6309, Fix Use After Free for large message sizes
-
Multiple OpenSSL Vulnerabilities
CVE-2016-2108, CVE-2016-2107
-
Drown attack vulnerability, Published by NIST on 03/01/2016
CVE-2016-0800
-
glibc getaddrinfo stack-based buffer overflow, Published by NIST on 02/18/2016
CVE-2015-7547
-
RC4 algorithm vulnerability to ‘plain-text recovery’ attacks as used in TLS/SSL, Published by NIST on 03/15/2013
CVE-2013-2566
-
RFC 5469 Compliance
-
Cross-Site Scripting (XSS) Vulnerability, Published by NIST on 07/28/14
CVE-2014-2975
-
Cross-Site Request Forgery (CSRF) Vulnerability through hardcoded account, Published by NIST on 07/28/2014
CVE-2014-2974
-
Command Injection Vulnerability, Published by seclists.org on 09/09/2015
-
Shell Upload Vulnerability, Published by seclists.org on 09/09/2015
-
Unauthenticated File Read Vulnerability, Published by seclists.org on 09/09/2015
-
Mass Assignment Vulnerability, Published by seclists.org on 09/09/2015
-
OpenSSH Keyboard-Interactive Authentication Brute Force Vulnerability, Published by NIST on 08-02-2015
CVE-2015-5600
-
Logjam Vulnerability, Published by NIST on 05-20-2015
CVE-2015-4000
-
GHOST Vulnerability, Published by NIST on 01-28-2015
glibc:__nss_hostname_digits_dots() heap-based buffer overflow
CVE-2015-0235
-
libpng Exploit Vulnerability, Published by NIST on 02-27-2014
CVE-2014-0333
-
SSL 3.0 Vulnerability, a.k.a. "Poodle", Published by NIST on 10-16-2014
CVE-2014-3566, CVE-2014-3568
-
GNU Bash Vulnerability, a.k.a. "Shellshock", Published by NIST on 09-24-2014
CVE-2014-7169, CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7186, CVE-2014-7187
-
OpenSSL Vulnerability, a.k.a. "Heartbleed Bug", Published on 04-09-2014
CVE-2014-0160
-
Multiple OpenSSL Vulnerabilities, Published by OpenSSL.org on 10-15-2014
CVE-2014-3513, CVE-2014-3567
-