Insecure File Permissions in Aviatrix Controller for Cloud Networking
CVE-2020-27568

7.5HIGH

Key Information:

Vendor: Aviatrix
Status: Controller
Vendor: CVE Published:; 21 April 2021

Summary

The Aviatrix Controller 5.3.1516 is affected by insecure file permissions, which result in several world-writable files and directories being present within the controller's resources. This issue poses a risk as unauthorized users may exploit these permissions to alter system configurations or access sensitive data. While all Aviatrix appliances maintain full encryption to enhance security, addressing this vulnerability is crucial to ensure a comprehensive security posture for users relying on Aviatrix for cloud networking solutions.

References

https://docs.aviatrix.com/HowTos/security_bulletin_articl...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 21, 2021
Vulnerability Reserved
Oct 21, 2020