All vulnerabilities
CVE-2021-40870
Aviatrix Controller Unrestricted Upload of File
Aviatrix — Aviatrix Controller
- Added to KEV catalog
- 18 January 2022
- Federal remediation due date
- 1 February 2022
- Weakness classification (CWE)
- CWE-25, CWE-96
CISA Description
Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-40870
More Aviatrix Vulnerabilities
Confirm Your Exposure
Is this vulnerability present in your environment?
CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.
Explore VAPT Services