Vulnerabilities > Aviatrix

DATE CVE VULNERABILITY TITLE RISK
2020-11-17 CVE-2020-26548 Unspecified vulnerability in Aviatrix Controller 5.3.1516
An issue was discovered in Aviatrix Controller before R5.4.1290.
network
low complexity
aviatrix
8.8
8.8
2020-05-22 CVE-2020-13417 Unspecified vulnerability in Aviatrix Controller and Gateway
An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224.
network
low complexity
aviatrix
critical
 9.8
9.8
2020-05-22 CVE-2020-13416 Cross-Site Request Forgery (CSRF) vulnerability in Aviatrix Controller
An issue was discovered in Aviatrix Controller before 5.4.1066.
network
low complexity
aviatrix CWE-352
6.5
6.5
2020-05-22 CVE-2020-13415 Improper Verification of Cryptographic Signature vulnerability in Aviatrix Controller
An issue was discovered in Aviatrix Controller through 5.1.
network
low complexity
aviatrix CWE-347
7.5
7.5
2020-05-22 CVE-2020-13414 Use of Hard-coded Credentials vulnerability in Aviatrix Controller
An issue was discovered in Aviatrix Controller before 5.4.1204.
network
low complexity
aviatrix CWE-798
7.5
7.5
2020-05-22 CVE-2020-13413 Information Exposure Through Discrepancy vulnerability in Aviatrix Controller
An issue was discovered in Aviatrix Controller before 5.4.1204.
network
low complexity
aviatrix CWE-203
5.3
5.3
2020-05-22 CVE-2020-13412 Cross-Site Request Forgery (CSRF) vulnerability in Aviatrix Controller
An issue was discovered in Aviatrix Controller before 5.4.1204.
network
low complexity
aviatrix CWE-352
8.8
8.8
2020-04-16 CVE-2020-7224 Unspecified vulnerability in Aviatrix Openvpn
The Aviatrix OpenVPN client through 2.5.7 on Linux, macOS, and Windows is vulnerable when OpenSSL parameters are altered from the issued value set; the parameters could allow unauthorized third-party libraries to load.
network
low complexity
aviatrix
critical
 9.8
9.8
2019-12-05 CVE-2019-17388 Incorrect Permission Assignment for Critical Resource vulnerability in Aviatrix VPN Client
Weak file permissions applied to the Aviatrix VPN Client through 2.2.10 installation directory on Windows and Linux allow a local attacker to execute arbitrary code by gaining elevated privileges through file modifications.
local
low complexity
aviatrix CWE-732
7.8
7.8
2019-12-05 CVE-2019-17387 Unspecified vulnerability in Aviatrix VPN Client
An authentication flaw in the AVPNC_RP service in Aviatrix VPN Client through 2.2.10 allows an attacker to gain elevated privileges through arbitrary code execution on Windows, Linux, and macOS.
local
low complexity
aviatrix
7.8
7.8