File Upload Vulnerability in Aviatrix Controller by Aviatrix
CVE-2021-40870

9.8CRITICAL

Key Information:

Vendor: Aviatrix
Status: Controller
Vendor: CVE Published:; 13 September 2021

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 97%🦅 CISA Reported

Summary

A significant security flaw has been identified in Aviatrix Controller versions prior to 6.5-1804.1922, which permits the unrestricted upload of files with potentially harmful types. This vulnerability can be exploited by an unauthenticated user to perform directory traversal attacks, ultimately enabling the execution of arbitrary code on the affected system. It is essential for users of the Aviatrix Controller to assess and apply the necessary security updates to mitigate this risk.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply updates per vendor instructions.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2021-40870
Created by 0xAgun

CVE-2021-40870
Created by orangmuda

CVE-2021-40870
Created by JoyGhoshs