Known Vulnerabilities for products from Aviatrix
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Aviatrix".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-38368 json | An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandl... | 8.8 - HIGH | 2022-08-15 | 2022-08-16 |
| CVE-2021-40870 json | An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type ... | 9.8 - CRITICAL | 2021-09-13 | 2023-08-08 |
| CVE-2021-31776 json | Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYST... | 7.8 - HIGH | 2021-04-29 | 2021-05-13 |
| CVE-2020-27569 json | Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to a location that is world... | 7.5 - HIGH | 2021-04-21 | 2021-04-29 |
| CVE-2020-27568 json | Insecure File Permissions exist in Aviatrix Controller 5.3.1516. Several world writable files and directories were found in t... | 7.5 - HIGH | 2021-04-21 | 2022-07-12 |
| CVE-2020-26553 json | An issue was discovered in Aviatrix Controller before R6.0.2483. Several APIs contain functions that allow arbitrary files to... | 9.8 - CRITICAL | 2020-11-17 | 2020-11-23 |
| CVE-2020-26552 json | An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do ... | 7.5 - HIGH | 2020-11-17 | 2021-07-21 |
| CVE-2020-26551 json | An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file. | 7.5 - HIGH | 2020-11-17 | 2020-11-23 |
| CVE-2020-26550 json | An issue was discovered in Aviatrix Controller before R5.3.1151. An encrypted file containing credentials to unrelated system... | 7.5 - HIGH | 2020-11-17 | 2021-07-21 |
| CVE-2020-26549 json | An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to dir... | 7.5 - HIGH | 2020-11-17 | 2020-11-30 |
| CVE-2020-26548 json | An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execu... | 8.8 - HIGH | 2020-11-17 | 2020-11-30 |
| CVE-2020-13417 json | An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-202... | 9.8 - CRITICAL | 2020-05-22 | 2021-09-16 |
| CVE-2020-13416 json | An issue was discovered in Aviatrix Controller before 5.4.1066. A Controller Web Interface session token parameter is not req... | 6.5 - MEDIUM | 2020-05-22 | 2020-05-26 |
| CVE-2020-13415 json | An issue was discovered in Aviatrix Controller through 5.1. An attacker with any signed SAML assertion from the Identity Prov... | 7.5 - HIGH | 2020-05-22 | 2020-05-26 |
| CVE-2020-13414 json | An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software. | 7.5 - HIGH | 2020-05-22 | 2021-12-01 |
| CVE-2020-13413 json | An issue was discovered in Aviatrix Controller before 5.4.1204. There is a Observable Response Discrepancy from the API, whic... | 5.3 - MEDIUM | 2020-05-22 | 2021-12-01 |
| CVE-2020-13412 json | An issue was discovered in Aviatrix Controller before 5.4.1204. An API call on the web interface lacked a session token check... | 8.8 - HIGH | 2020-05-22 | 2020-05-26 |
| CVE-2020-7224 json | The Aviatrix OpenVPN client through 2.5.7 on Linux, macOS, and Windows is vulnerable when OpenSSL parameters are altered from... | 9.8 - CRITICAL | 2020-04-16 | 2022-07-12 |
| CVE-2019-17388 json | Weak file permissions applied to the Aviatrix VPN Client through 2.2.10 installation directory on Windows and Linux allow a l... | 7.8 - HIGH | 2019-12-05 | 2020-08-24 |
| CVE-2019-17387 json | An authentication flaw in the AVPNC_RP service in Aviatrix VPN Client through 2.2.10 allows an attacker to gain elevated priv... | 7.8 - HIGH | 2019-12-05 | 2021-09-08 |
Known software with vulnerabilities from Aviatrix
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Aviatrix | Controller | 2.5 |
| Application | Aviatrix | Gateway | 5.3 |
| Application | Aviatrix | Openvpn | - |
| Application | Aviatrix | Vpn Client | 1.0 |