CVE-2020-13417 — CVSS 9.8 (critical): An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224. This…
CVE-2020-26553 — CVSS 9.8 (critical): An issue was discovered in Aviatrix Controller before R6.0.2483. Several APIs contain functions that allow arbitrary files to be uploaded…
CVE-2020-13412 — CVSS 8.8 (high): An issue was discovered in Aviatrix Controller before 5.4.1204. An API call on the web interface lacked a session token check to control…
CVE-2020-26548 — CVSS 8.8 (high): An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all…
CVE-2020-13414 — CVSS 7.5 (high): An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software.
CVE-2020-26549 — CVSS 7.5 (high): An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to directories can…
CVE-2020-26550 — CVSS 7.5 (high): An issue was discovered in Aviatrix Controller before R5.3.1151. An encrypted file containing credentials to unrelated systems is protected…
CVE-2020-26551 — CVSS 7.5 (high): An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file.
CVE-2020-26552 — CVSS 7.5 (high): An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do not require a…
CVE-2020-13415 — CVSS 7.5 (high): An issue was discovered in Aviatrix Controller through 5.1. An attacker with any signed SAML assertion from the Identity Provider can…
CVE-2020-27568 — CVSS 7.5 (high): Insecure File Permissions exist in Aviatrix Controller 5.3.1516. Several world writable files and directories were found in the controller…
CVE-2020-13416 — CVSS 6.5 (medium): An issue was discovered in Aviatrix Controller before 5.4.1066. A Controller Web Interface session token parameter is not required on an…
CVE-2020-13413 — CVSS 5.3 (medium): An issue was discovered in Aviatrix Controller before 5.4.1204. There is a Observable Response Discrepancy from the API, which makes it…