6 matches found
CVE-2024-50603
CVE-2024-50603 in Aviatrix Controller (versions < 7.1.4191 for 7.1.x and
CVE-2020-13417
CVE-2020-13417 is an Elevation of Privilege affecting Aviatrix VPN Client, linked to an incomplete fix for CVE-2020-7224. Connected sources confirm the issue occurs on Linux, macOS, and Windows installations when OpenSSL parameters are altered from the issued values, enabling loading of unauthori...
CVE-2020-13414
CVE-2020-13414 affects Aviatrix Controller prior to 5.4.1204. The issue is an information disclosure vulnerability, described as the Controller containing credentials unused by the software. NVD metrics list CVSSv3.1 base score 7.5 (HIGH) with network access and low exploit complexity; confidentiality impact HIGH, others N...
CVE-2020-13412
The CVE-2020-13412 vulnerability affects Aviatrix Controller prior to 5.4.1204. A web API call did not perform a session token check, enabling Cross-Site Request Forgery (CSRF). The issue originates from inadequate request validation in the web interface, allowing unauthorized actions via forged ...
CVE-2020-13413
CVE-2020-13413 affects Aviatrix Controller prior to version 5.4.1204. The issue is an observable response discrepancy in the API that makes it easier to enumerate valid usernames via brute force. Public references across multiple feeds describe this information disclosure vulnerability tying to u...
CVE-2020-13416
The CVE-2020-13416 issue affects Aviatrix Controller prior to 5.4.1066. A CSRF vulnerability arises because a Controller Web Interface session token parameter is not required on an API call, enabling password resets via CSRF. Impact is password reset abuse; exploitation details are not provided b...