cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-50603,https://securityvulnerability.io/vulnerability/CVE-2024-50603,Remote Code Execution Vulnerability in Aviatrix Controller by Aviatrix,"A vulnerability in Aviatrix Controller allows unauthenticated attackers to exploit improper handling of OS command elements. This security flaw enables the execution of arbitrary code through the manipulation of API requests by injecting shell metacharacters into the parameters 'cloud_type' and 'src_cloud_type'. If left unaddressed, this could lead to significant security breaches and unauthorized access to protected systems.",Aviatrix,Controller,9.8,CRITICAL,0.9243299961090088,true,2025-01-16T00:00:00.000Z,true,true,true,2025-01-08T21:00:38.000Z,true,true,false,,2025-01-08T00:00:00.000Z,3029
CVE-2021-40870,https://securityvulnerability.io/vulnerability/CVE-2021-40870,File Upload Vulnerability in Aviatrix Controller by Aviatrix,"A significant security flaw has been identified in Aviatrix Controller versions prior to 6.5-1804.1922, which permits the unrestricted upload of files with potentially harmful types. This vulnerability can be exploited by an unauthenticated user to perform directory traversal attacks, ultimately enabling the execution of arbitrary code on the affected system. It is essential for users of the Aviatrix Controller to assess and apply the necessary security updates to mitigate this risk.",Aviatrix,Controller,9.8,CRITICAL,0.9709399938583374,true,2022-01-18T00:00:00.000Z,false,false,true,2021-10-08T05:35:40.000Z,true,false,false,,2021-09-13T07:41:55.000Z,0
CVE-2020-27568,https://securityvulnerability.io/vulnerability/CVE-2020-27568,Insecure File Permissions in Aviatrix Controller for Cloud Networking,"The Aviatrix Controller 5.3.1516 is affected by insecure file permissions, which result in several world-writable files and directories being present within the controller's resources. This issue poses a risk as unauthorized users may exploit these permissions to alter system configurations or access sensitive data. While all Aviatrix appliances maintain full encryption to enhance security, addressing this vulnerability is crucial to ensure a comprehensive security posture for users relying on Aviatrix for cloud networking solutions.",Aviatrix,Controller,7.5,HIGH,0.000699999975040555,false,,false,false,false,,,false,false,,2021-04-21T21:16:44.000Z,0
CVE-2020-26553,https://securityvulnerability.io/vulnerability/CVE-2020-26553,Arbitrary File Upload Vulnerability in Aviatrix Controller,A vulnerability in Aviatrix Controller before version R6.0.2483 allows attackers to exploit several APIs facilitating arbitrary file uploads to the web tree. This issue may lead to unauthorized access and potentially compromise sensitive data within the affected systems.,Aviatrix,Controller,9.8,CRITICAL,0.013299999758601189,false,,false,false,false,,,false,false,,2020-11-17T20:59:00.000Z,0
CVE-2020-26552,https://securityvulnerability.io/vulnerability/CVE-2020-26552,Access Control Vulnerability in Aviatrix Controller by Aviatrix,"An access control vulnerability was identified in Aviatrix Controller versions before R6.0.2483, where multiple executable files responsible for implementing API endpoints did not enforce proper session ID validation for access. This oversight allows unauthorized users to interact with API functionalities without any necessary authentication, potentially exposing sensitive data or causing unauthorized changes.",Aviatrix,Controller,7.5,HIGH,0.001120000029914081,false,,false,false,false,,,false,false,,2020-11-17T20:58:07.000Z,0
CVE-2020-26551,https://securityvulnerability.io/vulnerability/CVE-2020-26551,Data Exposure Vulnerability in Aviatrix Controller by Aviatrix,A vulnerability exists in the Aviatrix Controller that allows encrypted key values to be stored in a file that is readable by unauthorized users. This exposure could potentially lead to sensitive data being compromised. Organizations using affected versions must take prompt action to mitigate risks associated with this vulnerability.,Aviatrix,Controller,7.5,HIGH,0.007840000092983246,false,,false,false,false,,,false,false,,2020-11-17T20:33:54.000Z,0
CVE-2020-26550,https://securityvulnerability.io/vulnerability/CVE-2020-26550,Weak Key Encryption Vulnerability in Aviatrix Controller by Aviatrix,"A vulnerability was identified in Aviatrix Controller versions prior to R5.3.1151, where an encrypted file containing sensitive credentials for various systems is safeguarded by a three-character encryption key. This low-key complexity significantly compromises the security of the credentials, making them susceptible to unauthorized access and exploitation.",Aviatrix,Controller,7.5,HIGH,0.007840000092983246,false,,false,false,false,,,false,false,,2020-11-17T20:26:14.000Z,0
CVE-2020-26549,https://securityvulnerability.io/vulnerability/CVE-2020-26549,Directory Request Bypass Vulnerability in Aviatrix Controller,"A vulnerability in the Aviatrix Controller allows an attacker to bypass the htaccess protection mechanism designed to secure directory access. This weakness can enable unauthorized file downloads, potentially exposing sensitive information. This issue affects versions prior to R5.4.1290, and users are encouraged to update their installations to reinforce security against unprivileged access.",Aviatrix,Controller,7.5,HIGH,0.007840000092983246,false,,false,false,false,,,false,false,,2020-11-17T20:24:20.000Z,0
CVE-2020-26548,https://securityvulnerability.io/vulnerability/CVE-2020-26548,Insecure Sudo Rule in Aviatrix Controller Affects System Security,"An insecure sudo rule has been identified in Aviatrix Controller prior to version R5.4.1290, allowing a specific user to execute commands across the system as any user. This flaw poses significant risks to system integrity, enabling potential unauthorized access and command execution, which could lead to data breaches or system compromise. Prompt updates are necessary to mitigate these vulnerabilities and enhance system security.",Aviatrix,Controller,8.8,HIGH,0.0016499999910593033,false,,false,false,false,,,false,false,,2020-11-17T20:22:46.000Z,0
CVE-2020-13412,https://securityvulnerability.io/vulnerability/CVE-2020-13412,Cross-Site Request Forgery in Aviatrix Controller Products by Aviatrix,"Aviatrix Controller prior to version 5.4.1204 has a security flaw where an API call on the web interface does not verify session tokens. This oversight can lead to unauthorized actions being executed within the application, allowing attackers to perform malicious operations on behalf of legitimate users without their consent.",Aviatrix,Controller,8.8,HIGH,0.0007300000288523734,false,,false,false,false,,,false,false,,2020-05-22T20:48:50.000Z,0
CVE-2020-13413,https://securityvulnerability.io/vulnerability/CVE-2020-13413,Observable Response Discrepancy in Aviatrix Controller by Aviatrix,"Aviatrix Controller before version 5.4.1204 is susceptible to an observable response discrepancy issue from the API. This flaw can facilitate user enumeration attacks through brute force techniques, allowing malicious actors to identify valid usernames by analyzing differences in response times or formats. Implementing timely updates is essential to mitigate this security concern.",Aviatrix,"Controller,Vpn Client",5.3,MEDIUM,0.0013099999632686377,false,,false,false,false,,,false,false,,2020-05-22T20:48:39.000Z,0
CVE-2020-13414,https://securityvulnerability.io/vulnerability/CVE-2020-13414,Credential Exposure in Aviatrix Controller by Aviatrix,"Aviatrix Controller prior to version 5.4.1204 has a vulnerability that exposes unused credentials, which could lead to unauthorized access and compromise of sensitive information. It is advisable for users to upgrade to the latest version to mitigate any potential security risks associated with this issue.",Aviatrix,"Controller,Gateway",7.5,HIGH,0.003530000103637576,false,,false,false,false,,,false,false,,2020-05-22T20:48:31.000Z,0
CVE-2020-13415,https://securityvulnerability.io/vulnerability/CVE-2020-13415,SAML Assertion Exploit in Aviatrix Controller by Aviatrix,"A security flaw in Aviatrix Controller versions up to 5.1 allows attackers to exploit signed SAML assertions. This vulnerability enables unauthorized connections using expired assertions or those from users lacking valid access. Such XML Signature Wrapping can breach security protocols, compromising the integrity of the identity services utilized by Aviatrix.",Aviatrix,Controller,7.5,HIGH,0.0010600000387057662,false,,false,false,false,,,false,false,,2020-05-22T20:48:23.000Z,0
CVE-2020-13416,https://securityvulnerability.io/vulnerability/CVE-2020-13416,Cross Site Request Forgery in Aviatrix Controller Web Interface,"Aviatrix Controller prior to version 5.4.1066 contains a vulnerability that allows unauthorized API calls for password resets. The Controller Web Interface does not require a session token parameter, making it susceptible to Cross Site Request Forgery (CSRF) attacks. This flaw potentially enables malicious actors to initiate password resets on behalf of legitimate users, compromising account security.",Aviatrix,Controller,6.5,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2020-05-22T20:48:09.000Z,0
CVE-2020-13417,https://securityvulnerability.io/vulnerability/CVE-2020-13417,"Elevation of Privilege Vulnerability in Aviatrix VPN Client for Linux, macOS, and Windows","An Elevation of Privilege vulnerability was identified in the Aviatrix VPN Client prior to version 2.10.7, stemming from an incomplete remediation of a previous issue. This vulnerability impacts installations across Linux, macOS, and Windows platforms, specifically concerning certain OpenSSL parameters, potentially allowing attackers to gain unauthorized access.",Aviatrix,"Controller,Gateway,Vpn Client",9.8,CRITICAL,0.007819999940693378,false,,false,false,false,,,false,false,,2020-05-22T20:47:37.000Z,0