Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
aviatrix vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-13417
An Elevation of Privilege issue exists in Aviatrix VPN Client prior to 2.10.7, because of an incomplete fix for CVE-2020-7224. This affects Linux, macOS, and Windows installations for certain OpenSSL parameters.
Aviatrix Controller
Aviatrix Gateway
Aviatrix Vpn Client
7.5
CVSSv3
CVE-2020-13414
An issue exists in Aviatrix Controller prior to 5.4.1204. It contains credentials unused by the software.
Aviatrix Controller
Aviatrix Gateway
5.3
CVSSv3
CVE-2020-13413
An issue exists in Aviatrix Controller prior to 5.4.1204. There is a Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force.
Aviatrix Controller
Aviatrix Vpn Client 2.8.2
7.8
CVSSv3
CVE-2021-31776
Aviatrix VPN Client prior to 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to write to directories that are supposed to be restricted to administrators.
Aviatrix Vpn Client
9.8
CVSSv3
CVE-2020-7224
The Aviatrix OpenVPN client up to and including 2.5.7 on Linux, macOS, and Windows is vulnerable when OpenSSL parameters are altered from the issued value set; the parameters could allow unauthorized third-party libraries to load.
Aviatrix Openvpn
8.8
CVSSv3
CVE-2022-38368
An issue exists in Aviatrix Gateway prior to 6.6.5712 and 6.7.x prior to 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands.
Aviatrix Gateway
8.8
CVSSv3
CVE-2020-13412
An issue exists in Aviatrix Controller prior to 5.4.1204. An API call on the web interface lacked a session token check to control access, leading to CSRF.
Aviatrix Controller
7.5
CVSSv3
CVE-2020-13415
An issue exists in Aviatrix Controller up to and including 5.1. An attacker with any signed SAML assertion from the Identity Provider can establish a connection (even if that SAML assertion has expired or is from a user who is not authorized to access Aviatrix), aka XML Signature...
Aviatrix Controller
6.5
CVSSv3
CVE-2020-13416
An issue exists in Aviatrix Controller prior to 5.4.1066. A Controller Web Interface session token parameter is not required on an API call, which opens the application up to a Cross Site Request Forgery (CSRF) vulnerability for password resets.
Aviatrix Controller
7.5
CVSSv3
CVE-2020-27569
Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and previous versions. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file on the system.
Aviatrix Openvpn
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32744
privilege escalation
CVE-2024-30253
CVE-2024-3914
cross-site scripting
CVE-2024-31497
CVE-2024-3400
CVE-2024-32341
hardcoded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »