6.8
CVSSv2

CVE-2020-13412

Published: 22/05/2020 Updated: 26/05/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

An issue exists in Aviatrix Controller prior to 5.4.1204. An API call on the web interface lacked a session token check to control access, leading to CSRF.

Vulnerability Trend

Affected Products

Vendor Product Versions
AviatrixController2.5, 2.6, 2.7, 3.0, 3.1, 3.2, 3.3, 3.4, 3.5, 4.0, 4.1.914, 4.1.946, 4.2.634, 4.2.740, 4.2.764, 4.3.1230, 4.3.1262, 4.3.1275, 4.6.587, 4.7.378, 4.7.419, 4.7.473, 4.7.494, 4.7.501, 4.7.581, 4.7.590, 5.0.2667, 5.0.2754, 5.0.2768, 5.0.2773, 5.0.2782, 5.1.842, 5.1.845, 5.1.935, 5.1.943, 5.1.962, 5.1.969, 5.1.973, 5.1.989, 5.1.1016, 5.1.1183, 5.2.1991, 5.2.2011, 5.2.2047, 5.2.2071, 5.2.2092, 5.2.2122, 5.3.1391, 5.3.1399, 5.3.1428, 5.3.1468, 5.3.1491, 5.3.1499, 5.3.1516, 5.3.1524, 5.4.1066, 5.4.1074, 5.4.1140, 5.4.1201