CVE Tools

aviatrix

Networking InfrastructureUScommercial

11

Cumulative CVEs

3

Monthly snapshots

#58

Peak rank

Top products

controller1 openvpn1 vpn client1

Latest CVEs

The 15 most recently published vulnerabilities affecting aviatrix.

CVE-2024-50603An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker i...KEV10.0Jan 8, 2025
CVE-2022-38368An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands.8.8Aug 15, 2022
CVE-2021-40870An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary c...KEV9.8Sep 13, 2021
CVE-2021-31776Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to ...7.8Apr 29, 2021
CVE-2020-27569Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file on the s...7.5Apr 21, 2021
CVE-2020-27568Insecure File Permissions exist in Aviatrix Controller 5.3.1516. Several world writable files and directories were found in the controller resource. Note: All Aviatrix appliances are fully encrypte...7.5Apr 21, 2021
CVE-2020-26553An issue was discovered in Aviatrix Controller before R6.0.2483. Several APIs contain functions that allow arbitrary files to be uploaded to the web tree.9.8Nov 17, 2020
CVE-2020-26552An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do not require a valid session ID for access.7.5Nov 17, 2020
CVE-2020-26551An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file.7.5Nov 17, 2020
CVE-2020-26550An issue was discovered in Aviatrix Controller before R5.3.1151. An encrypted file containing credentials to unrelated systems is protected by a three-character key.7.5Nov 17, 2020
CVE-2020-26549An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to directories can be bypassed for file downloading.7.5Nov 17, 2020
CVE-2020-26548An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system.8.8Nov 17, 2020
CVE-2020-13412An issue was discovered in Aviatrix Controller before 5.4.1204. An API call on the web interface lacked a session token check to control access, leading to CSRF.8.8May 22, 2020
CVE-2020-13413An issue was discovered in Aviatrix Controller before 5.4.1204. There is a Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force.5.3May 22, 2020
CVE-2020-13414An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software.7.5May 22, 2020