Directory Request Bypass Vulnerability in Aviatrix Controller
CVE-2020-26549

7.5HIGH

Key Information:

Vendor: Aviatrix
Status: Controller
Vendor: CVE Published:; 17 November 2020

What is CVE-2020-26549?

A vulnerability in the Aviatrix Controller allows an attacker to bypass the htaccess protection mechanism designed to secure directory access. This weakness can enable unauthorized file downloads, potentially exposing sensitive information. This issue affects versions prior to R5.4.1290, and users are encouraged to update their installations to reinforce security against unprivileged access.

References

https://www.criticalstart.com/multiple-vulnerabilities-di...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 17, 2020
Vulnerability Reserved
Oct 4, 2020