PT-2020-13524 · Aviatrix · Aviatrix Controller
Published: 2020-05-22 · Updated: 2020-05-27 · CVE-2020-13412
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Aviatrix Controller versions prior to 5.4.1204
Description
An issue was discovered in the Aviatrix Controller where an API call on the web interface lacked a session token check to control access, leading to Cross-Site Request Forgery (CSRF).
Recommendations
For versions prior to 5.4.1204, update to version 5.4.1204 or later to resolve the issue. As a temporary workaround, consider implementing additional access controls to mitigate the risk of CSRF attacks.
Fix
CSRF
Affected Products
Aviatrix Controller