NotCVE - vendor:"Aviatrix" product:"Controller" version:"

15 results (0.007 seconds)

CVSS: 10.0EPSS: 88%CPEs: 2EXPL: 2

CVE-2024-50603 – Aviatrix Controllers OS Command Injection Vulnerability

https://notcve.org/view.php?id=CVE-2024-50603

08 Jan 2025 — An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test. Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitra... • https://github.com/newlinesec/CVE-2024-50603 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.8EPSS: 97%CPEs: 4EXPL: 7

CVE-2021-40870 – Aviatrix Controller Unrestricted Upload of File

https://notcve.org/view.php?id=CVE-2021-40870

13 Sep 2021 — An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal. Se ha detectado un problema en Aviatrix Controller versiones 6.x anteriores a 6.5-1804.1922. Es posible una carga sin restricciones de un archivo de tipo peligroso, que permite a un usuario no autenticado ejecutar código arbitrario por medio de un salto de directorio Unrestricted uploa... • https://packetstorm.news/files/id/164461 • CWE-23: Relative Path Traversal •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-27568

https://notcve.org/view.php?id=CVE-2020-27568

21 Apr 2021 — Insecure File Permissions exist in Aviatrix Controller 5.3.1516. Several world writable files and directories were found in the controller resource. Note: All Aviatrix appliances are fully encrypted. This is an extra layer of security. Se presentan Permisos de Archivo No Seguros en Aviatrix Controller versión 5.3.1516. • https://docs.aviatrix.com/HowTos/security_bulletin_article.html#insecure-file-permissions • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1

CVE-2020-26553

https://notcve.org/view.php?id=CVE-2020-26553

17 Nov 2020 — An issue was discovered in Aviatrix Controller before R6.0.2483. Several APIs contain functions that allow arbitrary files to be uploaded to the web tree. Se detectó un problema en Aviatrix Controller versiones anteriores a R6.0.2483. Varias API contienen funciones que permiten cargar archivos en el árbol web • https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-26552

https://notcve.org/view.php?id=CVE-2020-26552

17 Nov 2020 — An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do not require a valid session ID for access. Se detectó un problema en Aviatrix Controller versiones anteriores a R6.0.2483. Múltiples archivos ejecutables, que implementan endpoints de API, no requieren una ID de sesión válida para acceder • https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-26551

https://notcve.org/view.php?id=CVE-2020-26551

17 Nov 2020 — An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file. Se detectó un problema en Aviatrix Controller versiones anteriores a R5.3.1151. Los valores de clave cifrados son almacenados en un archivo legible • https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-26550

https://notcve.org/view.php?id=CVE-2020-26550

17 Nov 2020 — An issue was discovered in Aviatrix Controller before R5.3.1151. An encrypted file containing credentials to unrelated systems is protected by a three-character key. Se detectó un problema en Aviatrix Controller versiones anteriores a R5.3.1151. Un archivo cifrado que contiene credenciales para sistemas no relacionados está protegido por una clave de tres caracteres • https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix • CWE-330: Use of Insufficiently Random Values •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-26549

https://notcve.org/view.php?id=CVE-2020-26549

17 Nov 2020 — An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to directories can be bypassed for file downloading. Se detectó un problema en Aviatrix Controller versiones anteriores a R5.4.1290. El mecanismo de protección htaccess para impedir peticiones a directorios puede ser omitido para una descarga de archivos • https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix • CWE-552: Files or Directories Accessible to External Parties •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-26548

https://notcve.org/view.php?id=CVE-2020-26548

17 Nov 2020 — An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system. Se detectó un problema en Aviatrix Controller versiones anteriores a R5.4.1290. Se presenta una regla sudo no segura: existe un usuario que puede ejecutar todos los comandos como cualquier usuario en el sistema • https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-13412

https://notcve.org/view.php?id=CVE-2020-13412

22 May 2020 — An issue was discovered in Aviatrix Controller before 5.4.1204. An API call on the web interface lacked a session token check to control access, leading to CSRF. Se detectó un problema en Aviatrix Controller versiones anteriores a 5.4.1204. Una llamada API en la interfaz web carecía de una comprobación de token de sesión para controlar el acceso, lo que condujo a CSRF. • https://docs.aviatrix.com/HowTos/security_bulletin_article.html#cross-site-request-forgery-csrf • CWE-352: Cross-Site Request Forgery (CSRF) •

1 2