NotCVE - vendor:"Aviatrix" product:"Controller" version:" <= 5.1"

7 results (0.007 seconds)

CVSS: 10.0EPSS: 94%CPEs: 2EXPL: 2

CVE-2024-50603 – Aviatrix Controllers OS Command Injection Vulnerability

https://notcve.org/view.php?id=CVE-2024-50603

08 Jan 2025 — An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test. Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitra... • https://github.com/newlinesec/CVE-2024-50603 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-13412

https://notcve.org/view.php?id=CVE-2020-13412

22 May 2020 — An issue was discovered in Aviatrix Controller before 5.4.1204. An API call on the web interface lacked a session token check to control access, leading to CSRF. Se detectó un problema en Aviatrix Controller versiones anteriores a 5.4.1204. Una llamada API en la interfaz web carecía de una comprobación de token de sesión para controlar el acceso, lo que condujo a CSRF. • https://docs.aviatrix.com/HowTos/security_bulletin_article.html#cross-site-request-forgery-csrf • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1

CVE-2020-13413

https://notcve.org/view.php?id=CVE-2020-13413

22 May 2020 — An issue was discovered in Aviatrix Controller before 5.4.1204. There is a Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force. Se detectó un problema en Aviatrix Controller versiones anteriores a 5.4.1204. Se presenta una Discrepancia de Respuesta Observable desde la API, lo que facilita llevar a cabo la enumeración de usuarios por medio de un ataque de fuerza bruta. • https://docs.aviatrix.com/HowTos/security_bulletin_article.html#observable-response-discrepancy-from-api • CWE-203: Observable Discrepancy •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1

CVE-2020-13414

https://notcve.org/view.php?id=CVE-2020-13414

22 May 2020 — An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software. Se detectó un problema en Aviatrix Controller versiones anteriores a 5.4.1204. Contiene credenciales no utilizadas por el software. • https://docs.aviatrix.com/HowTos/security_bulletin_article.html#clean-up-old-code • CWE-798: Use of Hard-coded Credentials •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-13415

https://notcve.org/view.php?id=CVE-2020-13415

22 May 2020 — An issue was discovered in Aviatrix Controller through 5.1. An attacker with any signed SAML assertion from the Identity Provider can establish a connection (even if that SAML assertion has expired or is from a user who is not authorized to access Aviatrix), aka XML Signature Wrapping. Se detectó un problema en Aviatrix Controller versiones hasta 5.1. Un atacante con cualquier aserción SAML firmada desde el Identity Provider puede establecer una conexión (incluso si esa aserción SAML ha expirado o es desde ... • https://docs.aviatrix.com/HowTos/security_bulletin_article.html#xml-signature-wrapping-in-saml • CWE-347: Improper Verification of Cryptographic Signature •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-13416

https://notcve.org/view.php?id=CVE-2020-13416

22 May 2020 — An issue was discovered in Aviatrix Controller before 5.4.1066. A Controller Web Interface session token parameter is not required on an API call, which opens the application up to a Cross Site Request Forgery (CSRF) vulnerability for password resets. Se detectó un problema en Aviatrix Controller versiones anteriores a 5.4.1066. No es requerido un parámetro session token de Controller Web Interface en una llamada API, lo que abre la aplicación a una vulnerabilidad de tipo Cross Site Request Forgery (CSRF) p... • https://docs.aviatrix.com/HowTos/security_bulletin_article.html#csrf-on-password-reset • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 1

CVE-2020-13417

https://notcve.org/view.php?id=CVE-2020-13417

22 May 2020 — An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224. This affects Linux, macOS, and Windows installations for certain OpenSSL parameters. Se detectó un problema de Elevación de Privilegios en Aviatrix VPN Client versiones anteriores a 2.10.7, debido a una corrección incompleta para CVE-2020-7224. Esto afecta las instalaciones de Linux, macOS y Windows para determinados parámetros OpenSSL. • https://docs.aviatrix.com/HowTos/security_bulletin_article.html#openvpn-client-elevation-of-privilege •