Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Controller
(Aviatrix)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 14 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-09-13 | CVE-2021-40870 | An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal. | Controller | 9.8 | ||
| 2021-04-21 | CVE-2020-27568 | Insecure File Permissions exist in Aviatrix Controller 5.3.1516. Several world writable files and directories were found in the controller resource. Note: All Aviatrix appliances are fully encrypted. This is an extra layer of security. | Controller | 7.5 | ||
| 2020-05-22 | CVE-2020-13413 | An issue was discovered in Aviatrix Controller before 5.4.1204. There is a Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force. | Controller, Vpn_client | 5.3 | ||
| 2020-05-22 | CVE-2020-13414 | An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software. | Controller, Gateway | 7.5 | ||
| 2020-05-22 | CVE-2020-13417 | An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224. This affects Linux, macOS, and Windows installations for certain OpenSSL parameters. | Controller, Gateway, Vpn_client | 9.8 | ||
| 2020-11-17 | CVE-2020-26550 | An issue was discovered in Aviatrix Controller before R5.3.1151. An encrypted file containing credentials to unrelated systems is protected by a three-character key. | Controller | 7.5 | ||
| 2020-11-17 | CVE-2020-26552 | An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do not require a valid session ID for access. | Controller | 7.5 | ||
| 2020-11-17 | CVE-2020-26549 | An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to directories can be bypassed for file downloading. | Controller | 7.5 | ||
| 2020-11-17 | CVE-2020-26548 | An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system. | Controller | 8.8 | ||
| 2020-11-17 | CVE-2020-26553 | An issue was discovered in Aviatrix Controller before R6.0.2483. Several APIs contain functions that allow arbitrary files to be uploaded to the web tree. | Controller | 9.8 |