Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
aviatrix vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2020-13417
An Elevation of Privilege issue exists in Aviatrix VPN Client prior to 2.10.7, because of an incomplete fix for CVE-2020-7224. This affects Linux, macOS, and Windows installations for certain OpenSSL parameters.
Aviatrix Controller
Aviatrix Gateway
Aviatrix Vpn Client
5
CVSSv2
CVE-2020-13414
An issue exists in Aviatrix Controller prior to 5.4.1204. It contains credentials unused by the software.
Aviatrix Controller
Aviatrix Gateway
5
CVSSv2
CVE-2020-13413
An issue exists in Aviatrix Controller prior to 5.4.1204. There is a Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force.
Aviatrix Controller
Aviatrix Vpn Client 2.8.2
7.5
CVSSv2
CVE-2021-40870
An issue exists in Aviatrix Controller 6.x prior to 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.
Aviatrix Controller
3 Github repositories
7.5
CVSSv2
CVE-2020-7224
The Aviatrix OpenVPN client up to and including 2.5.7 on Linux, macOS, and Windows is vulnerable when OpenSSL parameters are altered from the issued value set; the parameters could allow unauthorized third-party libraries to load.
Aviatrix Openvpn
5
CVSSv2
CVE-2020-13415
An issue exists in Aviatrix Controller up to and including 5.1. An attacker with any signed SAML assertion from the Identity Provider can establish a connection (even if that SAML assertion has expired or is from a user who is not authorized to access Aviatrix), aka XML Signature...
Aviatrix Controller
5
CVSSv2
CVE-2020-27569
Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and previous versions. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file on the system.
Aviatrix Openvpn
7.2
CVSSv2
CVE-2019-17387
An authentication flaw in the AVPNC_RP service in Aviatrix VPN Client up to and including 2.2.10 allows an malicious user to gain elevated privileges through arbitrary code execution on Windows, Linux, and macOS.
Aviatrix Vpn Client
NA
CVE-2022-38368
An issue exists in Aviatrix Gateway prior to 6.6.5712 and 6.7.x prior to 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands.
Aviatrix Gateway
6.8
CVSSv2
CVE-2020-13412
An issue exists in Aviatrix Controller prior to 5.4.1204. An API call on the web interface lacked a session token check to control access, leading to CSRF.
Aviatrix Controller
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2108
CVE-2024-31061
CVE-2024-25959
CVE-2023-45866
injection
IDOR
memory leak
CVE-2024-1086
CVE-2023-42931
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »