133 matches found
CVE-2020-26552
An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do not require a valid session ID for access...
CVE-2020-26551
An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file...
CVE-2020-26551
Aviatrix Controller before R5.3.1151 stores encrypted key values in a readable file, exposing plaintext encryption keys. CNVD-2021-17719 and NVD records confirm plaintext key storage prior to R5.3.1151; risk is confidentiality impact (high per CVSS3.1). Remediation: upgrade to R5.3.1151 or later ...
CVE-2020-26550
CVE-2020-26550 pertains to Aviatrix Controller prior to R5.3.1151, where an encrypted file containing credentials is protected by a three-character key. The root cause is a weak key in the encrypted file, which has implications for confidentiality (HIGH per CVSS3.1). The connected documents confi...
CVE-2020-26549
An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to directories can be bypassed for file downloading...
CVE-2020-26549
CVE-2020-26549 affects Aviatrix Controller prior to R5.4.1290. The vulnerability arises from an htaccess protection mechanism that prevents requests to directories, which can be bypassed to download files beyond a user’s rights. Documented impact in CNVD/NVD entries: an attacker could download re...
CVE-2020-26548
An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system...
CVE-2020-26548
Aviatrix Controller (pre-R5.4.1290) contains an insecure sudo rule that allows a user to execute any command as any user on the system. This vulnerability affects Controller versions before R5.4.1290 and is supported by multiple sources (e.g., CNVD-2021-17716; NVD CVE-2020-26548) with high impact...
Aviatrix Systems Controller 代码问题漏洞
Aviatrix Controller is a centralized control panel for orchestrating and managing various network and connectivity solutions. An arbitrary file upload vulnerability exists in Aviatrix Controller versions prior to R6.0.2483. The vulnerability stems from several APIs that contain functionality that...
Aviatrix Systems Controller 安全漏洞
Aviatrix Controller is a centralized control panel for orchestrating and managing various network and connectivity solutions. An encryption key plaintext storage vulnerability exists in Aviatrix Controller versions prior to R5.3.1151. An attacker can exploit this vulnerability to obtain plaintext...
Aviatrix Systems Controller 安全漏洞
Aviatrix Controller is a centralized control panel for orchestrating and managing various network and connectivity solutions. A security vulnerability exists in Aviatrix Controller versions prior to R5.3.1151. The vulnerability stems from a weak key in an encrypted file containing credentials. No...
Aviatrix Systems Controller 加密问题漏洞
Aviatrix Controller is a centralized control panel for orchestrating and managing various network and connectivity solutions. An improper access control vulnerability exists in Aviatrix Controller versions prior to R6.0.2483. The vulnerability stems from the fact that multiple executables...
Aviatrix Systems Controller 安全漏洞
Aviatrix Controller is a centralized control panel for orchestrating and managing various network and connectivity solutions. A sudo rule insecurity vulnerability exists in Aviatrix Controller versions prior to R5.4.1290. An attacker could execute all commands as any user on the system through th...
CVE-2020-13412
An issue was discovered in Aviatrix Controller before 5.4.1204. An API call on the web interface lacked a session token check to control access, leading to CSRF...
CVE-2020-13414
An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software...
CVE-2020-13413
An issue was discovered in Aviatrix Controller before 5.4.1204. There is a Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force...
CVE-2020-13412
An issue was discovered in Aviatrix Controller before 5.4.1204. An API call on the web interface lacked a session token check to control access, leading to CSRF...
CVE-2020-13415
An issue was discovered in Aviatrix Controller through 5.1. An attacker with any signed SAML assertion from the Identity Provider can establish a connection even if that SAML assertion has expired or is from a user who is not authorized to access Aviatrix, aka XML Signature Wrapping...
CVE-2020-13416
An issue was discovered in Aviatrix Controller before 5.4.1066. A Controller Web Interface session token parameter is not required on an API call, which opens the application up to a Cross Site Request Forgery CSRF vulnerability for password resets...
CVE-2020-13413
An issue was discovered in Aviatrix Controller before 5.4.1204. There is a Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force...