silver-peak CVE Vulnerabilities & Metrics

Focus on silver-peak vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About silver-peak Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with silver-peak. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total silver-peak CVEs: 13
Earliest CVE date: 28 Jul 2014, 17:55 UTC
Latest CVE date: 05 Nov 2020, 19:15 UTC

Latest CVE reference: CVE-2020-12147

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical silver-peak CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 5.68

Max CVSS: 9.0

Critical CVEs (≥9): 1

CVSS Range vs. Count

Range	Count
0.0-3.9	0
4.0-6.9	12
7.0-8.9	2
9.0-10.0	1

CVSS Distribution Chart

Top 5 Highest CVSS silver-peak CVEs

These are the five CVEs with the highest CVSS scores for silver-peak, sorted by severity first and recency.

CVE-2019-16103 silver-peak Published on 08 Sep 2019, 17:15 UTC (CVSS: 9.0)
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows privilege escalation (by administrators) from the menu to a root Bash OS shell via the spsshell feature.
CVE-2020-12145 silver-peak Published on 05 Nov 2020, 19:15 UTC (CVSS: 7.5)
Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+ uses HTTP headers to authenticate REST API calls from localhost. This makes it possible to log in to Orchestrator by introducing an HTTP HOST header set to 127.0.0.1 or localhost. Orchestrator instances that are hosted by customers –on-premise or in a public cloud provider –are affected by this vulnerability.
CVE-2019-16102 silver-peak Published on 08 Sep 2019, 17:15 UTC (CVSS: 7.5)
Silver Peak EdgeConnect SD-WAN before 8.1.7.x has an SNMP service with a public value for rocommunity and trapcommunity.
CVE-2019-16099 silver-peak Published on 08 Sep 2019, 17:15 UTC (CVSS: 6.8)
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file.
CVE-2014-2974 silver-peak Published on 28 Jul 2014, 17:55 UTC (CVSS: 6.8)
Cross-site request forgery (CSRF) vulnerability in php/user_account.php in Silver Peak VX through 6.2.4 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.

All CVEs for silver-peak

CVE-2020-12147 silver-peak vulnerability CVSS: 6.5 05 Nov 2020, 19:15 UTC

In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can make unauthorized MySQL queries against the Orchestrator database using the /sqlExecution REST API, which had been used for internal testing.

CVE-2020-12146 silver-peak vulnerability CVSS: 6.5 05 Nov 2020, 19:15 UTC

In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can access, modify, and delete restricted files on the Orchestrator server using the/debugFiles REST API.

CVE-2020-12145 silver-peak vulnerability CVSS: 7.5 05 Nov 2020, 19:15 UTC

Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+ uses HTTP headers to authenticate REST API calls from localhost. This makes it possible to log in to Orchestrator by introducing an HTTP HOST header set to 127.0.0.1 or localhost. Orchestrator instances that are hosted by customers –on-premise or in a public cloud provider –are affected by this vulnerability.

CVE-2020-12144 silver-peak vulnerability CVSS: 4.0 05 May 2020, 20:15 UTC

The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. This makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted portal.

CVE-2020-12143 silver-peak vulnerability CVSS: 4.0 05 May 2020, 20:15 UTC

The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator.

CVE-2020-12142 silver-peak vulnerability CVSS: 4.0 05 May 2020, 20:15 UTC

1. IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requires administrative access and shell access to the EdgeConnect appliance. An admin user can access IPSec seed and nonce parameters using the CLI, REST APIs, and the Linux shell.

CVE-2019-16105 silver-peak vulnerability CVSS: 4.0 08 Sep 2019, 17:15 UTC

Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows ..%2f directory traversal via a rest/json/configdb/download/ URI.

CVE-2019-16104 silver-peak vulnerability CVSS: 4.3 08 Sep 2019, 17:15 UTC

Silver Peak EdgeConnect SD-WAN before 8.1.7.x has reflected XSS via the rest/json/configdb/download/ PATH_INFO.

CVE-2019-16103 silver-peak vulnerability CVSS: 9.0 08 Sep 2019, 17:15 UTC

Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows privilege escalation (by administrators) from the menu to a root Bash OS shell via the spsshell feature.

CVE-2019-16102 silver-peak vulnerability CVSS: 7.5 08 Sep 2019, 17:15 UTC

Silver Peak EdgeConnect SD-WAN before 8.1.7.x has an SNMP service with a public value for rocommunity and trapcommunity.

CVE-2019-16101 silver-peak vulnerability CVSS: 5.0 08 Sep 2019, 17:15 UTC

Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to obtain potentially sensitive stack traces by sending incorrect JSON data to the REST API, such as the rest/json/banners URI.

CVE-2019-16100 silver-peak vulnerability CVSS: 5.0 08 Sep 2019, 17:15 UTC

Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to trigger a web-interface outage via slow client-side HTTP traffic from a single source.

CVE-2019-16099 silver-peak vulnerability CVSS: 6.8 08 Sep 2019, 17:15 UTC

Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file.

CVE-2014-2975 silver-peak vulnerability CVSS: 4.3 28 Jul 2014, 17:55 UTC

Cross-site scripting (XSS) vulnerability in php/user_account.php in Silver Peak VX before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via the user_id parameter.

CVE-2014-2974 silver-peak vulnerability CVSS: 6.8 28 Jul 2014, 17:55 UTC

Cross-site request forgery (CSRF) vulnerability in php/user_account.php in Silver Peak VX through 6.2.4 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.