PT-2020-16456 · Aviatrix · Aviatrix Controller

Published

2020-11-17

Updated

2020-11-23

CVE-2020-26553

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Aviatrix Controller versions prior to R6.0.2483

Description An issue was discovered in the Aviatrix Controller where several APIs contain functions that allow arbitrary files to be uploaded to the web tree.

Recommendations For versions prior to R6.0.2483, update to version R6.0.2483 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected APIs to minimize the risk of exploitation.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2020-26553

Affected Products

Aviatrix Controller

PT-2020-16456 · Aviatrix · Aviatrix Controller

CVE-2020-26553

Weakness Enumeration

Related Identifiers

Affected Products

References · 5