Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
aviatrix vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2020-13417
An Elevation of Privilege issue exists in Aviatrix VPN Client prior to 2.10.7, because of an incomplete fix for CVE-2020-7224. This affects Linux, macOS, and Windows installations for certain OpenSSL parameters.
Aviatrix Controller
Aviatrix Gateway
Aviatrix Vpn Client
445
VMScore
CVE-2020-13414
An issue exists in Aviatrix Controller prior to 5.4.1204. It contains credentials unused by the software.
Aviatrix Controller
Aviatrix Gateway
445
VMScore
CVE-2020-13413
An issue exists in Aviatrix Controller prior to 5.4.1204. There is a Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force.
Aviatrix Controller
Aviatrix Vpn Client 2.8.2
668
VMScore
CVE-2020-7224
The Aviatrix OpenVPN client up to and including 2.5.7 on Linux, macOS, and Windows is vulnerable when OpenSSL parameters are altered from the issued value set; the parameters could allow unauthorized third-party libraries to load.
Aviatrix Openvpn
641
VMScore
CVE-2021-31776
Aviatrix VPN Client prior to 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to write to directories that are supposed to be restricted to administrators.
Aviatrix Vpn Client
668
VMScore
CVE-2021-40870
An issue exists in Aviatrix Controller 6.x prior to 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.
Aviatrix Controller
3 Github repositories
641
VMScore
CVE-2019-17387
An authentication flaw in the AVPNC_RP service in Aviatrix VPN Client up to and including 2.2.10 allows an malicious user to gain elevated privileges through arbitrary code execution on Windows, Linux, and macOS.
Aviatrix Vpn Client
641
VMScore
CVE-2019-17388
Weak file permissions applied to the Aviatrix VPN Client up to and including 2.2.10 installation directory on Windows and Linux allow a local malicious user to execute arbitrary code by gaining elevated privileges through file modifications.
Aviatrix Vpn Client
NA
CVE-2022-38368
An issue exists in Aviatrix Gateway prior to 6.6.5712 and 6.7.x prior to 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands.
Aviatrix Gateway
445
VMScore
CVE-2020-13415
An issue exists in Aviatrix Controller up to and including 5.1. An attacker with any signed SAML assertion from the Identity Provider can establish a connection (even if that SAML assertion has expired or is from a user who is not authorized to access Aviatrix), aka XML Signature...
Aviatrix Controller
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »