vulnerability
Aviatrix Controller: CVE-2021-40870: Relative Path Traversal
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Sep 13, 2021 | May 12, 2025 | May 13, 2025 |
Severity
7
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Sep 13, 2021
Added
May 12, 2025
Modified
May 13, 2025
Description
An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.
Solution
aviatrix-controller-upgrade-latest
References
- CVE-2021-40870
- https://attackerkb.com/topics/CVE-2021-40870
- URL-https://docs.aviatrix.com/HowTos/UCC_Release_Notes.html#security-note-9-11-2021
- URL-https://wearetradecraft.com/advisories/tc-2021-0002/
- URL-http://packetstormsecurity.com/files/164461/Aviatrix-Controller-6.x-Path-Traversal-Code-Execution.html
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.