
Aviatrix Controller 6.x before 6.5-1804.1922 - Remote Command Execution CVE-2021-40870

Severity
CVSSv3 Score: 9.8
Vulnerability description

Aviatrix Controller 6.x before 6.5-1804.1922 allows unrestricted upload of a file with a dangerous type, which lets an unauthenticated user execute arbitrary code via directory traversal.

Risk description

A remote unauthenticated attacker can fully compromise the server to steal confidential information, install ransomware, or pivot to the internal network.

Recommendation

Upgrade Aviatrix Controller to version 6.5-1804.1922 or later to mitigate this vulnerability.

Codename: Not available
Detectable with: Network Scanner
Scan engine: Nuclei
Exploitable with Sniper: No
CVE Published: Sep 13, 2021
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available