Observable Response Discrepancy in Aviatrix Controller by Aviatrix
CVE-2020-13413

5.3 MEDIUM

Key Information:

Vendor: Aviatrix
CVE Published: 22 May 2020

Summary

Aviatrix Controller before version 5.4.1204 exposes an observable response discrepancy in its API. The flaw facilitates user enumeration through brute force: an attacker can identify valid usernames by analyzing differences in response times or formats. Upgrading to version 5.4.1204 or later mitigates the issue.

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
