CVE-2021-40870 – Aviatrix Controller Unrestricted Upload of File
https://notcve.org/view.php?id=CVE-2021-40870
An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal. Se ha detectado un problema en Aviatrix Controller versiones 6.x anteriores a 6.5-1804.1922. Es posible una carga sin restricciones de un archivo de tipo peligroso, que permite a un usuario no autenticado ejecutar código arbitrario por medio de un salto de directorio Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal. • https://github.com/0xAgun/CVE-2021-40870 https://github.com/orangmuda/CVE-2021-40870 https://github.com/JoyGhoshs/CVE-2021-40870 https://github.com/System00-Security/CVE-2021-40870 http://packetstormsecurity.com/files/164461/Aviatrix-Controller-6.x-Path-Traversal-Code-Execution.html https://docs.aviatrix.com/HowTos/UCC_Release_Notes.html#security-note-9-11-2021 https://wearetradecraft.com/advisories/tc-2021-0002 • CWE-23: Relative Path Traversal •
CVE-2020-27568
https://notcve.org/view.php?id=CVE-2020-27568
Insecure File Permissions exist in Aviatrix Controller 5.3.1516. Several world writable files and directories were found in the controller resource. Note: All Aviatrix appliances are fully encrypted. This is an extra layer of security. Se presentan Permisos de Archivo No Seguros en Aviatrix Controller versión 5.3.1516. • https://docs.aviatrix.com/HowTos/security_bulletin_article.html#insecure-file-permissions • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2020-26553
https://notcve.org/view.php?id=CVE-2020-26553
An issue was discovered in Aviatrix Controller before R6.0.2483. Several APIs contain functions that allow arbitrary files to be uploaded to the web tree. Se detectó un problema en Aviatrix Controller versiones anteriores a R6.0.2483. Varias API contienen funciones que permiten cargar archivos en el árbol web • https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2020-26552
https://notcve.org/view.php?id=CVE-2020-26552
An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do not require a valid session ID for access. Se detectó un problema en Aviatrix Controller versiones anteriores a R6.0.2483. Múltiples archivos ejecutables, que implementan endpoints de API, no requieren una ID de sesión válida para acceder • https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix •
CVE-2020-26551
https://notcve.org/view.php?id=CVE-2020-26551
An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file. Se detectó un problema en Aviatrix Controller versiones anteriores a R5.3.1151. Los valores de clave cifrados son almacenados en un archivo legible • https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix • CWE-312: Cleartext Storage of Sensitive Information •