CVE-2021-40870 - Aviatrix Controller Unrestricted Upload of File
Project:Aviatrix
Product:Aviatrix Controller
Date Added:2022-01-18Due Date:2022-02-01
Vulnerability Name
Aviatrix Controller Unrestricted Upload of File
Description
Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-40870