Detects the 'Unrestricted File Upload' vulnerability in Aviatrix Controller, which affects 6.x versions before 6.5-1804.1922.
CVE-2021-40870 Scanner Detail
Aviatrix Controller is a cloud network management platform that simplifies complex networking tasks on public clouds such as AWS, Azure, and Google Cloud. With this platform, network administrators can easily manage and monitor their cloud infrastructure from a single console. The product is designed to provide users with secure and reliable cloud connectivity.
However, a vulnerability was discovered in Aviatrix Controller 6.x versions before 6.5-1804.1922. Identified as CVE-2021-40870, the vulnerability allows unrestricted upload of files with dangerous types. An unauthenticated user can exploit directory traversal to execute arbitrary code, which poses a significant risk to the victim organization.
This vulnerability can lead to severe consequences if exploited. An attacker can use the vulnerability to gain unauthorized access to sensitive data, install malicious software, and cause a denial of service for critical services. Moreover, the attacker can compromise the cloud environment and use it for other malicious activities, such as cryptocurrency mining or launching further attacks on the organization.
Thanks to the pro features of SecurityForEveryone.com, readers of this article can easily and quickly learn about vulnerabilities in their digital assets. The platform provides a comprehensive vulnerability scanning tool that can identify and prioritize vulnerabilities based on severity levels. Moreover, SecurityForEveryone.com offers actionable recommendations, including best practices and patches, to help organizations mitigate identified vulnerabilities and improve their overall security posture. By leveraging the expertise and resources of SecurityForEveryone.com, organizations can stay ahead of emerging threats and protect their digital assets from attackers.