CVE-2021-40870
CVE-2021-40870
In short
The Aviatrix Controller allows anyone, without logging in, to upload dangerous files that can execute arbitrary code on the server. This happens because the system doesn't properly validate file types or prevent directory traversal attacks.
Technical detail
Aviatrix Controller 6.x before 6.5-1804.1922 suffers from an unauthenticated arbitrary file upload vulnerability combined with directory traversal. An attacker can bypass file type restrictions and write malicious files to arbitrary locations on the filesystem, achieving remote code execution without requiring authentication.
Summary generated and translated by AI from the official description.
An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 5
githubgithub.com/0xAgun/CVE-2021-40870★ 16githubgithub.com/orangmuda/CVE-2021-40870★ 3githubgithub.com/JoyGhoshs/CVE-2021-40870★ 2githubgithub.com/System00-Security/CVE-2021-40870★ 0cve_referencepacketstormsecurity.com/files/164461/Aviatrix-Controller-6.x-Path-Traversal-Code-Execution.htmlunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/164461/Aviatrix-Controller-6.x-Path-Traversal-Code-Execution.htmlhttps://docs.aviatrix.com/HowTos/UCC_Release_Notes.html#security-note-9-11-2021https://wearetradecraft.com/advisories/tc-2021-0002/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-40870