Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
aviatrix vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2020-13416
An issue exists in Aviatrix Controller prior to 5.4.1066. A Controller Web Interface session token parameter is not required on an API call, which opens the application up to a Cross Site Request Forgery (CSRF) vulnerability for password resets.
Aviatrix Controller
NA
CVE-2022-38368
An issue exists in Aviatrix Gateway prior to 6.6.5712 and 6.7.x prior to 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands.
Aviatrix Gateway
668
VMScore
CVE-2020-7224
The Aviatrix OpenVPN client up to and including 2.5.7 on Linux, macOS, and Windows is vulnerable when OpenSSL parameters are altered from the issued value set; the parameters could allow unauthorized third-party libraries to load.
Aviatrix Openvpn
445
VMScore
CVE-2020-26549
An issue exists in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to directories can be bypassed for file downloading.
Aviatrix Controller 5.3.1516
445
VMScore
CVE-2020-26551
An issue exists in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file.
Aviatrix Controller 5.3.1516
668
VMScore
CVE-2020-26553
An issue exists in Aviatrix Controller before R6.0.2483. Several APIs contain functions that allow arbitrary files to be uploaded to the web tree.
Aviatrix Controller 5.3.1516
445
VMScore
CVE-2020-27568
Insecure File Permissions exist in Aviatrix Controller 5.3.1516. Several world writable files and directories were found in the controller resource. Note: All Aviatrix appliances are fully encrypted. This is an extra layer of security.
Aviatrix Controller 5.3.1516
801
VMScore
CVE-2020-26548
An issue exists in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system.
Aviatrix Controller 5.3.1516
445
VMScore
CVE-2020-26550
An issue exists in Aviatrix Controller before R5.3.1151. An encrypted file containing credentials to unrelated systems is protected by a three-character key.
Aviatrix Controller 5.3.1516
445
VMScore
CVE-2020-26552
An issue exists in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do not require a valid session ID for access.
Aviatrix Controller 5.3.1516
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2