CVSS: 10.0 • EPSS: 94% • CPEs: 2 • EXPL: 2

08 Jan 2025 — An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test. Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitra... • https://github.com/newlinesec/CVE-2024-50603 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.8 • EPSS: 94% • CPEs: 4 • EXPL: 7

13 Sep 2021 — An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal. Unrestricted uploa... • https://packetstorm.news/files/id/164461 • CWE-23: Relative Path Traversal •