PT-2020-16451 · Aviatrix · Aviatrix Controller

Published

2020-11-17

Updated

2020-11-30

CVE-2020-26548

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Aviatrix Controller versions prior to R5.4.1290

Description An issue was discovered in Aviatrix Controller where there is an insecure sudo rule, allowing a user to execute all commands as any user on the system.

Recommendations For Aviatrix Controller versions prior to R5.4.1290, update to version R5.4.1290 or later to resolve the issue. As a temporary workaround, consider restricting the sudo privileges of the vulnerable user to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2020-26548

Affected Products

Aviatrix Controller

PT-2020-16451 · Aviatrix · Aviatrix Controller

CVE-2020-26548

Related Identifiers

Affected Products

References · 5