Lucene search
K
AviatrixController

15 matches found

CVE
CVE
added 2021/09/13 7:41 a.m.1077 views

CVE-2021-40870

Summary (CVE-2021-40870) : Aviatrix Controller 6.x before 6.5-1804.1922 is affected by an unrestricted file upload via a directory traversal flaw that enables an unauthenticated attacker to execute arbitrary code. The base vulnerability is described in the primary CVE record, which lists the affe...

9.8CVSS9.6AI score0.92382EPSS
In wildWeb
CVE
CVE
added 2025/01/08 12:0 a.m.271 views

CVE-2024-50603

CVE-2024-50603 in Aviatrix Controller (versions < 7.1.4191 for 7.1.x and

10CVSS9.8AI score0.98545EPSS
In wildWeb
CVE
CVE
added 2020/05/22 8:47 p.m.164 views

CVE-2020-13417

CVE-2020-13417 is an Elevation of Privilege affecting Aviatrix VPN Client, linked to an incomplete fix for CVE-2020-7224. Connected sources confirm the issue occurs on Linux, macOS, and Windows installations when OpenSSL parameters are altered from the issued values, enabling loading of unauthori...

9.8CVSS9.4AI score0.02257EPSS
CVE
CVE
added 2020/05/22 8:48 p.m.134 views

CVE-2020-13414

CVE-2020-13414 affects Aviatrix Controller prior to 5.4.1204. The issue is an information disclosure vulnerability described as credentials unused by the software. NVD metrics list CVSSv3.1 base score 7.5 (HIGH) with network access and low exploit complexity; confidentiality impact HIGH, others N...

7.5CVSS7.5AI score0.01466EPSS
CVE
CVE
added 2020/05/22 8:48 p.m.132 views

CVE-2020-13415

CVE-2020-13415: Multiple records describe an XML Signature Wrapping vulnerability in Aviatrix Controller (v5.1 and earlier). An attacker with any signed SAML assertion from the IdP can establish a connection, even if the assertion is expired or the user is not authorized. This indicates a weaknes...

7.5CVSS7.4AI score0.00747EPSS
CVE
CVE
added 2020/05/22 8:48 p.m.127 views

CVE-2020-13412

The CVE-2020-13412 vulnerability affects Aviatrix Controller prior to 5.4.1204. A web API call did not perform a session token check, enabling Cross-Site Request Forgery (CSRF). The issue originates from inadequate request validation in the web interface, allowing unauthorized actions via forged ...

8.8CVSS8.5AI score0.00583EPSS
CVE
CVE
added 2020/05/22 8:48 p.m.126 views

CVE-2020-13413

CVE-2020-13413 affects Aviatrix Controller prior to version 5.4.1204. The issue is an observable response discrepancy in the API that makes it easier to enumerate valid usernames via brute force. Public references across multiple feeds describe this information disclosure vulnerability tying to u...

5.3CVSS5.2AI score0.01369EPSS
CVE
CVE
added 2020/05/22 8:48 p.m.126 views

CVE-2020-13416

The CVE-2020-13416 issue affects Aviatrix Controller prior to 5.4.1066. A CSRF vulnerability arises because a Controller Web Interface session token parameter is not required on an API call, enabling password resets via CSRF. Impact is password reset abuse; exploitation details are not provided b...

6.5CVSS6.6AI score0.0051EPSS
CVE
CVE
added 2020/11/17 8:58 p.m.69 views

CVE-2020-26552

Summary: CVE-2020-26552 affects Aviatrix Controller prior to R6.0.2483. The issue is improper access control: multiple API-endpoint executables do not require a valid session ID, enabling potential account takeover. Affected software: Aviatrix Controller (pre-R6.0.2483). Root cause: insufficient ...

7.5CVSS7.5AI score0.01163EPSS
CVE
CVE
added 2020/11/17 8:24 p.m.58 views

CVE-2020-26549

CVE-2020-26549 affects Aviatrix Controller prior to R5.4.1290. The vulnerability arises from an htaccess protection mechanism that prevents requests to directories, which can be bypassed to download files beyond a user’s rights. Documented impact in CNVD/NVD entries: an attacker could download re...

7.5CVSS7.5AI score0.01488EPSS
CVE
CVE
added 2020/11/17 8:59 p.m.54 views

CVE-2020-26553

CVE-2020-26553 affects Aviatrix Controller prior to R6.0.2483. Multiple APIs allow arbitrary files to be uploaded to the web tree, enabling remote code execution as described in connected CNVD/NVD records. Affected product: Aviatrix Controller; vulnerability root cause: file upload in API functio...

9.8CVSS9.3AI score0.01742EPSS
CVE
CVE
added 2020/11/17 8:22 p.m.48 views

CVE-2020-26548

Aviatrix Controller (pre-R5.4.1290) contains an insecure sudo rule that allows a user to execute any command as any user on the system. This vulnerability affects Controller versions before R5.4.1290 and is supported by multiple sources (e.g., CNVD-2021-17716; NVD CVE-2020-26548) with high impact...

9CVSS8.8AI score0.01441EPSS
CVE
CVE
added 2020/11/17 8:33 p.m.46 views

CVE-2020-26551

Aviatrix Controller before R5.3.1151 stores encrypted key values in a readable file, exposing plaintext encryption keys. CNVD-2021-17719 and NVD records confirm plaintext key storage prior to R5.3.1151; risk is confidentiality impact (high per CVSS3.1). Remediation: upgrade to R5.3.1151 or later ...

7.5CVSS7.4AI score0.00909EPSS
CVE
CVE
added 2020/11/17 8:26 p.m.43 views

CVE-2020-26550

CVE-2020-26550 pertains to Aviatrix Controller prior to R5.3.1151, where an encrypted file containing credentials is protected by a three-character key. The root cause is a weak key in the encrypted file, which has implications for confidentiality (HIGH per CVSS3.1). The connected documents confi...

7.5CVSS7.4AI score0.01461EPSS
CVE
CVE
added 2021/04/21 9:16 p.m.37 views

CVE-2020-27568

The CVE-2020-27568 entry concerns Aviatrix Controller 5.3.1516 with insecure file permissions. The issue is caused by the presence of world-writable files and directories in the controller resource, as noted in multiple sources. The information provided does not include specific vulnerable compon...

7.5CVSS7.6AI score0.01561EPSS