CVE-2020-12147 : Vulnerability Insights and Analysis

Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+ are vulnerable to unauthorized MySQL queries. Learn about the impact, technical details, and mitigation steps.

Understanding CVE-2020-12147

In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can make unauthorized MySQL queries against the Orchestrator database using the /sqlExecution REST API.

What is CVE-2020-12147?

This CVE refers to the ability of an authenticated user to execute unauthorized MySQL queries against the Silver Peak Unity Orchestrator database.

The Impact of CVE-2020-12147

CVSS Base Score: 6.6 (Medium Severity)
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Technical Details of CVE-2020-12147

Silver Peak Unity Orchestrator vulnerability details.

Vulnerability Description

An authenticated user can perform unauthorized MySQL queries via the /sqlExecution REST API.

Affected Systems and Versions

Unity Orchestrator: All versions affected prior to 8.9.11+, 8.10.11+, or 9.0.1+.

Exploitation Mechanism

The vulnerability allows an authenticated user to execute unauthorized MySQL queries against the Orchestrator database.

Mitigation and Prevention

Protect your systems from CVE-2020-12147.

Immediate Steps to Take

Upgrade to Silver Peak Unity Orchestrator 8.9.11+, 8.10.11+, or 9.0.1+.

Long-Term Security Practices

Regularly monitor and audit database queries.
Implement access controls to restrict unauthorized queries.
Stay informed about security advisories and updates.
Conduct security training for users to prevent unauthorized actions.

Patching and Updates

Apply patches and updates provided by Silver Peak Systems to address this vulnerability.