Information disclosure

2020-05-2221:15:00

PRIOn knowledge base

www.prio-n.com

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.4%

JSON

An issue was discovered in Aviatrix Controller before 5.4.1204. There is a Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force.

CPENameOperatorVersion
controllerlt5.4.1204
vpn_clienteq2.8.2

CPE	Name	Operator	Version
	controller	lt	5.4.1204
	vpn_client	eq	2.8.2

References

docs.aviatrix.com/HowTos/security_bulletin_article.html

www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix/