PT-2020-13061 · Riverbed · Edgeconnect Appliance

Published: 2020-05-05 · Updated: 2023-11-07 · CVE-2020-12142

CVSS v3.1: 4.9 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: EdgeConnect appliance (affected versions not specified)

Description: An admin user with shell access can retrieve IPsec UDP key material from both machine-to-machine interfaces and human-accessible interfaces. That material can then be used to decrypt in-flight communication. Exploitation requires both administrative access and shell access to the appliance; with these, the admin user can read the IPsec seed and nonce parameters through the CLI, the REST APIs, and the Linux shell.

Recommendations: For the EdgeConnect appliance, restrict access to administrative credentials and to the shell to minimize the risk of exploitation. As a temporary workaround, consider limiting the use of the CLI, REST APIs, and Linux shell to reduce the opportunity to read the sensitive IPsec parameters. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Exposure of Resource to Wrong Sphere

Related Identifiers: CVE-2020-12142

Affected Products: Edgeconnect Appliance