
Security Advisories

Go here for information about how to contact us if you have information about a security issue or vulnerability with a Silver Peak product or technology.

Apache Log4j2 Vulnerability

  • CVE-2021-44228 originally published by Apache Software Foundation on December 10, 2021.
  • Download

    See the FAQ page for information about verifying the corrective action to mitigate this exploit as well as answers to common questions.

Intel Platform Update (IPU) Update 2021.1, June 2021

  • Published on August 17, 2021 by Silver Peak Systems, Inc.
  • Download

OpenSSL Security Advisory, EDIPartyName Vulnerability

  • CVE-2020-1971 originally published by OpenSSL Software Foundation on December 8, 2020
  • Download

OS Command Injection - Management File Upload

  • CVE-2020-12149 submitted on December 11, 2020 by Silver Peak Systems, Inc.
  • Download

OS Command Injection - nslookup API

  • CVE-2020-12148 submitted on December 11, 2020 by Silver Peak Systems, Inc.
  • Download

Unauthorized Database Queries in Orchestrator

  • CVE-2020-12147 submitted on October 30, 2020 by Silver Peak Systems, Inc.
  • Download

Path Traversal Vulnerability in Orchestrator

  • CVE-2020-12146 submitted on October 30, 2020 by Silver Peak Systems, Inc.
  • Download

Possible to Subvert Orchestrator Authentication

  • CVE-2020-12145 submitted on October 30, 2020 by Silver Peak Systems, Inc.
  • Download

OpenSSL Security Advisory, Raccoon Attack

  • CVE-2020-1968 originally published by OpenSSL Software Foundation on September 9, 2020
  • Download

IPSec UDP key material can be retrieved from EdgeConnect by admin

  • CVE-2020-12142 submitted on May 4, 2020 by Silver Peak Systems, Inc.
  • Download

Certificate used to identify Cloud Portal is not validated

  • CVE-2020-12144 submitted on May 4, 2020 by Silver Peak Systems, Inc.
  • Download

Certificate used to identify Orchestrator is not validated

  • CVE-2020-12143 submitted on May 4, 2020 by Silver Peak Systems, Inc.
  • Download

EdgeConnect Web UI Prior to 8.1.7.x Allows CSRF via JSON

  • CVE-2019-16099, originally published by the SD-WAN “new hope” team on Sep 8, 2019
  • Download

EdgeConnect Web UI Prior to 8.1.7.x Susceptible to Slow HTTP DoS Attacks

  • CVE-2019-16100 originally published by the SD-WAN “new hope” team on Sep 8, 2019
  • Download

Unauthenticated User Can Access Information via Stack Traces

  • CVE-2019-16101 originally published by the SD-WAN “new hope” team on Sep 8, 2019
  • Download

SNMP Service in EdgeConnect Prior to 8.1.7.x has Public Community Value

  • CVE-2019-16102 originally published by the SD-WAN “new hope” team on Sep 8, 2019
  • Download

Privilege Escalation in EdgeConnect Prior to 8.1.7.x

  • CVE-2019-16103 originally published by the SD-WAN “new hope” team on Sep 8, 2019
  • Download

EdgeConnect Web UI Susceptible to XSS and Directory Traversal Attacks

  • CVE-2019-16104 and CVE-2019-16105 originally published by the SD-WAN “new hope” team on Sep 8, 2019
  • Download

TCP SACK Panic and other remote denial of service vulnerabilities

  • NFLX-2019-001 originally published by Netflix on June 17, 2019
  • Download

Microarchitectural Data Sampling (MDS) vulnerabilities

  • INTEL-SA-00233 originally published by Intel on May 14, 2019
  • Download

Authentication bypass in server mode - CVE-2018-10933

  • Published by libssh on October 19, 2018
  • Download

L1 Terminal Fault - INTEL-SA-00161

  • Published by Intel on August 14, 2018
  • Download

The Dangers of Key Reuse: Practical Attacks on IPsec IKE

  • Published at the Usenix Symposium on August 15, 2018
  • Download

Meltdown and Spectre Vulnerabilities

  • VU#584653 originally published by CERT on January 3, 2018
  • Download

Return of Bleichenbacher’s Oracle Threat (ROBOT Attack) – A TLS Vulnerability

  • VU#144389 originally published by CERT on December 12, 2017
  • Download

Intel Q3’17 ME 11.x, SPS 4.0, and TXE 3.0 Security Review Cumulative Update, Escalation of Privilege

  • INTEL-SA-00086 published by Intel on November 20, 2017
  • Download

DOS Security Vulnerability

  • CVE-2017-14919 published by node.js on October 24, 2017
  • Download

INTEL-SA-00075

  • CVE-2017-5689 published by Intel on May 1, 2017
  • Download

Dirty COW Vulnerability

  • CVE-2016-5195, published by dirtycow.ninja on October 21, 2016
  • Download

OCSP Status Request extension unbounded memory growth

  • CVE-2016-6304, published by OpenSSL on 9/22/2016
  • Paired with: CVE-2016-6309, Fix Use After Free for large message sizes
  • Download

Multiple OpenSSL Vulnerabilities

Drown attack vulnerability

  • CVE-2016-0800, published by NIST on 03/01/2016
  • Download

glibc getaddrinfo stack-based buffer overflow

  • CVE-2015-7547, published by NIST on 02/18/2016
  • Download

RC4 algorithm vulnerability to ‘plain-text recovery’ attacks as used in TLS/SSL

  • CVE-2013-2566, published by NIST on 03/15/2013
  • Download

RFC 5469 Compliance

  • DES and IDEA Cipher Suites for Transport Layer Security (TLS) are vulnerable to brute force attack and exhaustive key search attack.
  • Download

Cross-Site Scripting (XSS) Vulnerability

  • CVE-2014-2975, published by NIST on 07/28/14
  • Download

Cross-Site Reflect Forgery (CSRF) Vulnerability through hardcoded account

  • CVE-2014-2974, published by NIST on 07/28/2014
  • Download

Shell Upload Vulnerability

  • Published by seclists.org on 09/09/2015
  • Download

Command Injection Vulnerability

  • Published by seclists.org on 09/09/2015
  • Download

Unauthenticated File Read Vulnerability

  • Published by seclists.org on 09/09/2015
  • Download

Mass Assignment Vulnerability

  • Published by seclists.org on 09/09/2015
  • Download

libpng Exploit Vulnerability

  • CVE-2014-0333, published by NIST on 02-27-2014
  • Download

GHOST Vulnerability

  • CVE-2015-0235 (glibc:__nss_hostname_digits_dots() heap-based buffer overflow), published by NIST on 01-28-2015
  • Download

OpenSSH Keyboard-Interactive Authentication Brute Force Vulnerability

  • CVE-2015-5600, published by NIST on 08-02-2015
  • Download

Logjam Vulnerability

  • CVE-2015-4000, published by NIST on 05-20-2015
  • Download

SSL 3.0 Vulnerability, a.k.a. “Poodle”

  • CVE-2014-3566, CVE-2014-3568, published by NIST on 10-16-2014
  • Download

GNU Bash Vulnerability, a.k.a. “Shellshock”

  • CVE-2014-7169, CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7186, CVE-2014-7187, published by NIST on 09-24-2014
  • Download

OpenSSL Vulnerability, a.k.a. “Heartbleed Bug”

  • CVE-2014-0160, published on 04-09-2014
  • Download

Multiple OpenSSL Vulnerabilities

  • CVE-2014-3513, CVE-2014-3567, published by OpenSSL.org on 10-15-2014
  • Download

Contact Information

If you have information about a security issue or vulnerability with a Silver Peak product or technology, please send an e-mail to sirt@silver-peak.com.

Encrypt sensitive information using our PGP public key: ASC file (download) or text file (for copy-paste).

Key Details:

  • User-ID: Silver Peak SIRT (Silver Peak Security Incidence Response Team) sirt@silver-peak.com
  • Type: 4096-bit RSA
  • Usage: Signing, Encryption, Certifying User-IDs
  • Fingerprint: 3ACA24A1E39CFC9A74F396FA44E3D25F6E7ADFF6

Please provide as much information as possible, including:

  • The products and versions affected

  • Detailed description of the vulnerability

  • Information on known exploits

A member of the Silver Peak Product Security Team will review your e-mail and contact you to collaborate on resolving the issue.

