Arbitrary File Upload Vulnerability in Aviatrix Controller
CVE-2020-26553

9.8CRITICAL

Key Information:

Vendor: Aviatrix
Status: Controller
Vendor: CVE Published:; 17 November 2020

Summary

A vulnerability in Aviatrix Controller before version R6.0.2483 allows attackers to exploit several APIs facilitating arbitrary file uploads to the web tree. This issue may lead to unauthorized access and potentially compromise sensitive data within the affected systems.

References

https://www.criticalstart.com/multiple-vulnerabilities-di...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 17, 2020
Vulnerability Reserved
Oct 4, 2020