cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-50603,https://securityvulnerability.io/vulnerability/CVE-2024-50603,Remote Code Execution Vulnerability in Aviatrix Controller by Aviatrix,"A vulnerability in Aviatrix Controller allows unauthenticated attackers to exploit improper handling of OS command elements. This security flaw enables the execution of arbitrary code through the manipulation of API requests by injecting shell metacharacters into the parameters 'cloud_type' and 'src_cloud_type'. If left unaddressed, this could lead to significant security breaches and unauthorized access to protected systems.",Aviatrix,Controller,9.8,CRITICAL,0.9243299961090088,true,2025-01-16T00:00:00.000Z,true,true,true,2025-01-08T21:00:38.000Z,true,true,false,,2025-01-08T00:00:00.000Z,3029
CVE-2022-38368,https://securityvulnerability.io/vulnerability/CVE-2022-38368,Authentication Flaw in Aviatrix Gateway Products Exposes Command Injection Risk,"A vulnerability in Aviatrix Gateway allows an authenticated VPN user to exploit improper handling of authentication within the Gateway API functions. This oversight enables an attacker to inject arbitrary commands, potentially compromising the security of the affected system. It is crucial for users of Aviatrix Gateway, especially those operating on versions prior to 6.6.5712 or 6.7.x prior to 6.7.1376, to be aware of this vulnerability and implement recommended security measures.",Aviatrix,Gateway,8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-08-15T20:59:09.000Z,0
CVE-2021-40870,https://securityvulnerability.io/vulnerability/CVE-2021-40870,File Upload Vulnerability in Aviatrix Controller by Aviatrix,"A significant security flaw has been identified in Aviatrix Controller versions prior to 6.5-1804.1922, which permits the unrestricted upload of files with potentially harmful types. This vulnerability can be exploited by an unauthenticated user to perform directory traversal attacks, ultimately enabling the execution of arbitrary code on the affected system. It is essential for users of the Aviatrix Controller to assess and apply the necessary security updates to mitigate this risk.",Aviatrix,Controller,9.8,CRITICAL,0.9709399938583374,true,2022-01-18T00:00:00.000Z,false,false,true,2021-10-08T05:35:40.000Z,true,false,false,,2021-09-13T07:41:55.000Z,0
CVE-2021-31776,https://securityvulnerability.io/vulnerability/CVE-2021-31776,Local Privilege Escalation in Aviatrix VPN Client on Windows,"The Aviatrix VPN Client for Windows prior to version 2.14.14 is susceptible to local privilege escalation due to an unquoted search path vulnerability. This flaw can be exploited by unprivileged users on misconfigured systems, potentially allowing them to write to directories intended solely for administrators, thereby escalating their privileges to the SYSTEM user level.",Aviatrix,Vpn Client,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-04-29T00:03:56.000Z,0
CVE-2020-27569,https://securityvulnerability.io/vulnerability/CVE-2020-27569,Arbitrary File Write Vulnerability in Aviatrix VPN Client,"The Aviatrix VPN Client versions up to 2.8.2 contain a vulnerability that allows arbitrary file write due to improper permissions on log file locations. As a result, attackers can exploit this weakness to gain write access to any file on the underlying system, potentially leading to sensitive data exposure or further system compromise.",Aviatrix,Openvpn,7.5,HIGH,0.000699999975040555,false,,false,false,false,,,false,false,,2021-04-21T21:23:07.000Z,0
CVE-2020-27568,https://securityvulnerability.io/vulnerability/CVE-2020-27568,Insecure File Permissions in Aviatrix Controller for Cloud Networking,"The Aviatrix Controller 5.3.1516 is affected by insecure file permissions, which result in several world-writable files and directories being present within the controller's resources. This issue poses a risk as unauthorized users may exploit these permissions to alter system configurations or access sensitive data. While all Aviatrix appliances maintain full encryption to enhance security, addressing this vulnerability is crucial to ensure a comprehensive security posture for users relying on Aviatrix for cloud networking solutions.",Aviatrix,Controller,7.5,HIGH,0.000699999975040555,false,,false,false,false,,,false,false,,2021-04-21T21:16:44.000Z,0
CVE-2020-26553,https://securityvulnerability.io/vulnerability/CVE-2020-26553,Arbitrary File Upload Vulnerability in Aviatrix Controller,A vulnerability in Aviatrix Controller before version R6.0.2483 allows attackers to exploit several APIs facilitating arbitrary file uploads to the web tree. This issue may lead to unauthorized access and potentially compromise sensitive data within the affected systems.,Aviatrix,Controller,9.8,CRITICAL,0.013299999758601189,false,,false,false,false,,,false,false,,2020-11-17T20:59:00.000Z,0
CVE-2020-26552,https://securityvulnerability.io/vulnerability/CVE-2020-26552,Access Control Vulnerability in Aviatrix Controller by Aviatrix,"An access control vulnerability was identified in Aviatrix Controller versions before R6.0.2483, where multiple executable files responsible for implementing API endpoints did not enforce proper session ID validation for access. This oversight allows unauthorized users to interact with API functionalities without any necessary authentication, potentially exposing sensitive data or causing unauthorized changes.",Aviatrix,Controller,7.5,HIGH,0.001120000029914081,false,,false,false,false,,,false,false,,2020-11-17T20:58:07.000Z,0
CVE-2020-26551,https://securityvulnerability.io/vulnerability/CVE-2020-26551,Data Exposure Vulnerability in Aviatrix Controller by Aviatrix,A vulnerability exists in the Aviatrix Controller that allows encrypted key values to be stored in a file that is readable by unauthorized users. This exposure could potentially lead to sensitive data being compromised. Organizations using affected versions must take prompt action to mitigate risks associated with this vulnerability.,Aviatrix,Controller,7.5,HIGH,0.007840000092983246,false,,false,false,false,,,false,false,,2020-11-17T20:33:54.000Z,0
CVE-2020-26550,https://securityvulnerability.io/vulnerability/CVE-2020-26550,Weak Key Encryption Vulnerability in Aviatrix Controller by Aviatrix,"A vulnerability was identified in Aviatrix Controller versions prior to R5.3.1151, where an encrypted file containing sensitive credentials for various systems is safeguarded by a three-character encryption key. This low key complexity significantly compromises the security of the credentials, making them susceptible to unauthorized access and exploitation.",Aviatrix,Controller,7.5,HIGH,0.007840000092983246,false,,false,false,false,,,false,false,,2020-11-17T20:26:14.000Z,0
CVE-2020-26549,https://securityvulnerability.io/vulnerability/CVE-2020-26549,Directory Request Bypass Vulnerability in Aviatrix Controller,"A vulnerability in the Aviatrix Controller allows an attacker to bypass the htaccess protection mechanism designed to secure directory access. This weakness can enable unauthorized file downloads, potentially exposing sensitive information. This issue affects versions prior to R5.4.1290, and users are encouraged to update their installations to reinforce security against unprivileged access.",Aviatrix,Controller,7.5,HIGH,0.007840000092983246,false,,false,false,false,,,false,false,,2020-11-17T20:24:20.000Z,0
CVE-2020-26548,https://securityvulnerability.io/vulnerability/CVE-2020-26548,Insecure Sudo Rule in Aviatrix Controller Affects System Security,"An insecure sudo rule has been identified in Aviatrix Controller prior to version R5.4.1290, allowing a specific user to execute commands across the system as any user. This flaw poses significant risks to system integrity, enabling potential unauthorized access and command execution, which could lead to data breaches or system compromise. Prompt updates are necessary to mitigate these vulnerabilities and enhance system security.",Aviatrix,Controller,8.8,HIGH,0.0016499999910593033,false,,false,false,false,,,false,false,,2020-11-17T20:22:46.000Z,0
CVE-2020-13412,https://securityvulnerability.io/vulnerability/CVE-2020-13412,Cross-Site Request Forgery in Aviatrix Controller Products by Aviatrix,"Aviatrix Controller prior to version 5.4.1204 has a security flaw where an API call on the web interface does not verify session tokens. This oversight can lead to unauthorized actions being executed within the application, allowing attackers to perform malicious operations on behalf of legitimate users without their consent.",Aviatrix,Controller,8.8,HIGH,0.0007300000288523734,false,,false,false,false,,,false,false,,2020-05-22T20:48:50.000Z,0
CVE-2020-13413,https://securityvulnerability.io/vulnerability/CVE-2020-13413,Observable Response Discrepancy in Aviatrix Controller by Aviatrix,"Aviatrix Controller before version 5.4.1204 is susceptible to an observable response discrepancy issue from the API. This flaw can facilitate user enumeration attacks through brute force techniques, allowing malicious actors to identify valid usernames by analyzing differences in response times or formats. Implementing timely updates is essential to mitigate this security concern.",Aviatrix,"Controller,Vpn Client",5.3,MEDIUM,0.0013099999632686377,false,,false,false,false,,,false,false,,2020-05-22T20:48:39.000Z,0
CVE-2020-13414,https://securityvulnerability.io/vulnerability/CVE-2020-13414,Credential Exposure in Aviatrix Controller by Aviatrix,"Aviatrix Controller prior to version 5.4.1204 has a vulnerability that exposes unused credentials, which could lead to unauthorized access and compromise of sensitive information. It is advisable for users to upgrade to the latest version to mitigate any potential security risks associated with this issue.",Aviatrix,"Controller,Gateway",7.5,HIGH,0.003530000103637576,false,,false,false,false,,,false,false,,2020-05-22T20:48:31.000Z,0
CVE-2020-13415,https://securityvulnerability.io/vulnerability/CVE-2020-13415,SAML Assertion Exploit in Aviatrix Controller by Aviatrix,"A security flaw in Aviatrix Controller versions up to 5.1 allows attackers to exploit signed SAML assertions. This vulnerability enables unauthorized connections using expired assertions or those from users lacking valid access. Such XML Signature Wrapping can breach security protocols, compromising the integrity of the identity services utilized by Aviatrix.",Aviatrix,Controller,7.5,HIGH,0.0010600000387057662,false,,false,false,false,,,false,false,,2020-05-22T20:48:23.000Z,0
CVE-2020-13416,https://securityvulnerability.io/vulnerability/CVE-2020-13416,Cross Site Request Forgery in Aviatrix Controller Web Interface,"Aviatrix Controller prior to version 5.4.1066 contains a vulnerability that allows unauthorized API calls for password resets. The Controller Web Interface does not require a session token parameter, making it susceptible to Cross Site Request Forgery (CSRF) attacks. This flaw potentially enables malicious actors to initiate password resets on behalf of legitimate users, compromising account security.",Aviatrix,Controller,6.5,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2020-05-22T20:48:09.000Z,0
CVE-2020-13417,https://securityvulnerability.io/vulnerability/CVE-2020-13417,"Elevation of Privilege Vulnerability in Aviatrix VPN Client for Linux, macOS, and Windows","An Elevation of Privilege vulnerability was identified in the Aviatrix VPN Client prior to version 2.10.7, stemming from an incomplete remediation of a previous issue. This vulnerability impacts installations across Linux, macOS, and Windows platforms, specifically concerning certain OpenSSL parameters, potentially allowing attackers to gain unauthorized access.",Aviatrix,"Controller,Gateway,Vpn Client",9.8,CRITICAL,0.007819999940693378,false,,false,false,false,,,false,false,,2020-05-22T20:47:37.000Z,0
CVE-2020-7224,https://securityvulnerability.io/vulnerability/CVE-2020-7224,OpenVPN Client Vulnerability in Aviatrix Software Across Multiple Platforms,"The Aviatrix OpenVPN client versions prior to 2.5.7 on Linux, macOS, and Windows are susceptible to manipulation of OpenSSL parameters. This vulnerability enables the potential for unauthorized third-party libraries to load, posing a risk to the integrity and security of network communications. Users are advised to review their OpenVPN configurations and update to the latest version to mitigate potential threats.",Aviatrix,Openvpn,9.8,CRITICAL,0.004490000195801258,false,,false,false,false,,,false,false,,2020-04-16T17:26:45.000Z,0
CVE-2019-17388,https://securityvulnerability.io/vulnerability/CVE-2019-17388,Weak File Permission in Aviatrix VPN Client allows Arbitrary Code Execution,"The Aviatrix VPN Client has been found to have weak file permissions in its installation directory on both Windows and Linux platforms. This flaw enables a local attacker to manipulate files, potentially allowing them to execute arbitrary code by gaining elevated privileges. Such vulnerabilities highlight the importance of implementing stringent permission controls to safeguard sensitive applications from unauthorized access and exploits.",Aviatrix,Vpn Client,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2019-12-05T17:08:39.000Z,0
CVE-2019-17387,https://securityvulnerability.io/vulnerability/CVE-2019-17387,Authentication Vulnerability in Aviatrix VPN Client Affects Multiple Platforms,"An authentication vulnerability exists in the AVPNC_RP service of the Aviatrix VPN Client that allows attackers to execute arbitrary code, leading to elevated privileges on systems running Windows, Linux, and macOS. This weakness potentially enables unauthorized access to sensitive information and control over the affected devices, emphasizing the urgency for users to update their software to the latest versions to mitigate associated risks.",Aviatrix,Vpn Client,7.8,HIGH,0.001339999958872795,false,,false,false,false,,,false,false,,2019-12-05T17:07:48.000Z,0