Filtered by vendor Aviatrix Subscriptions
Filtered by product Controller Subscriptions
Total 14 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-40870 1 Aviatrix 1 Controller 2024-11-21 9.8 Critical
An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.
CVE-2020-27568 1 Aviatrix 1 Controller 2024-11-21 7.5 High
Insecure File Permissions exist in Aviatrix Controller 5.3.1516. Several world writable files and directories were found in the controller resource. Note: All Aviatrix appliances are fully encrypted. This is an extra layer of security.
CVE-2020-26553 1 Aviatrix 1 Controller 2024-11-21 9.8 Critical
An issue was discovered in Aviatrix Controller before R6.0.2483. Several APIs contain functions that allow arbitrary files to be uploaded to the web tree.
CVE-2020-26552 1 Aviatrix 1 Controller 2024-11-21 7.5 High
An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do not require a valid session ID for access.
CVE-2020-26551 1 Aviatrix 1 Controller 2024-11-21 7.5 High
An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file.
CVE-2020-26550 1 Aviatrix 1 Controller 2024-11-21 7.5 High
An issue was discovered in Aviatrix Controller before R5.3.1151. An encrypted file containing credentials to unrelated systems is protected by a three-character key.
CVE-2020-26549 1 Aviatrix 1 Controller 2024-11-21 7.5 High
An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to directories can be bypassed for file downloading.
CVE-2020-26548 1 Aviatrix 1 Controller 2024-11-21 8.8 High
An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system.
CVE-2020-13417 4 Apple, Aviatrix, Linux and 1 more 6 Macos, Controller, Gateway and 3 more 2024-11-21 9.8 Critical
An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224. This affects Linux, macOS, and Windows installations for certain OpenSSL parameters.
CVE-2020-13416 1 Aviatrix 1 Controller 2024-11-21 6.5 Medium
An issue was discovered in Aviatrix Controller before 5.4.1066. A Controller Web Interface session token parameter is not required on an API call, which opens the application up to a Cross Site Request Forgery (CSRF) vulnerability for password resets.
CVE-2020-13415 1 Aviatrix 1 Controller 2024-11-21 7.5 High
An issue was discovered in Aviatrix Controller through 5.1. An attacker with any signed SAML assertion from the Identity Provider can establish a connection (even if that SAML assertion has expired or is from a user who is not authorized to access Aviatrix), aka XML Signature Wrapping.
CVE-2020-13414 1 Aviatrix 2 Controller, Gateway 2024-11-21 7.5 High
An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software.
CVE-2020-13413 1 Aviatrix 2 Controller, Vpn Client 2024-11-21 5.3 Medium
An issue was discovered in Aviatrix Controller before 5.4.1204. There is a Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force.
CVE-2020-13412 1 Aviatrix 1 Controller 2024-11-21 8.8 High
An issue was discovered in Aviatrix Controller before 5.4.1204. An API call on the web interface lacked a session token check to control access, leading to CSRF.