Vulnerability Details CVE-2020-13412
An issue was discovered in Aviatrix Controller before 5.4.1204. An API call on the web interface lacked a session token check to control access, leading to CSRF.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 33.8%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
Products affected by CVE-2020-13412
- cpe:2.3:a:aviatrix:controller:2.5
- cpe:2.3:a:aviatrix:controller:2.6
- cpe:2.3:a:aviatrix:controller:2.7
- cpe:2.3:a:aviatrix:controller:3.0
- cpe:2.3:a:aviatrix:controller:3.1
- cpe:2.3:a:aviatrix:controller:3.2
- cpe:2.3:a:aviatrix:controller:3.3
- cpe:2.3:a:aviatrix:controller:3.4
- cpe:2.3:a:aviatrix:controller:3.5
- cpe:2.3:a:aviatrix:controller:4.0
- cpe:2.3:a:aviatrix:controller:4.1.914
- cpe:2.3:a:aviatrix:controller:4.1.946
- cpe:2.3:a:aviatrix:controller:4.2.634
- cpe:2.3:a:aviatrix:controller:4.2.740
- cpe:2.3:a:aviatrix:controller:4.2.764
- cpe:2.3:a:aviatrix:controller:4.3.1230
- cpe:2.3:a:aviatrix:controller:4.3.1262
- cpe:2.3:a:aviatrix:controller:4.3.1275
- cpe:2.3:a:aviatrix:controller:4.6.587
- cpe:2.3:a:aviatrix:controller:4.7.378
- cpe:2.3:a:aviatrix:controller:4.7.419
- cpe:2.3:a:aviatrix:controller:4.7.473
- cpe:2.3:a:aviatrix:controller:4.7.494
- cpe:2.3:a:aviatrix:controller:4.7.501
- cpe:2.3:a:aviatrix:controller:4.7.581
- cpe:2.3:a:aviatrix:controller:4.7.590
- cpe:2.3:a:aviatrix:controller:5.0.2667
- cpe:2.3:a:aviatrix:controller:5.0.2754
- cpe:2.3:a:aviatrix:controller:5.0.2768
- cpe:2.3:a:aviatrix:controller:5.0.2773
- cpe:2.3:a:aviatrix:controller:5.0.2782
- cpe:2.3:a:aviatrix:controller:5.1.1016
- cpe:2.3:a:aviatrix:controller:5.1.1183
- cpe:2.3:a:aviatrix:controller:5.1.842
- cpe:2.3:a:aviatrix:controller:5.1.845
- cpe:2.3:a:aviatrix:controller:5.1.935
- cpe:2.3:a:aviatrix:controller:5.1.943
- cpe:2.3:a:aviatrix:controller:5.1.962
- cpe:2.3:a:aviatrix:controller:5.1.969
- cpe:2.3:a:aviatrix:controller:5.1.973
- cpe:2.3:a:aviatrix:controller:5.1.989
- cpe:2.3:a:aviatrix:controller:5.2.1991
- cpe:2.3:a:aviatrix:controller:5.2.2011
- cpe:2.3:a:aviatrix:controller:5.2.2047
- cpe:2.3:a:aviatrix:controller:5.2.2071
- cpe:2.3:a:aviatrix:controller:5.2.2092
- cpe:2.3:a:aviatrix:controller:5.2.2122
- cpe:2.3:a:aviatrix:controller:5.3
- cpe:2.3:a:aviatrix:controller:5.3.1391
- cpe:2.3:a:aviatrix:controller:5.3.1399
- cpe:2.3:a:aviatrix:controller:5.3.1428
- cpe:2.3:a:aviatrix:controller:5.3.1468
- cpe:2.3:a:aviatrix:controller:5.3.1491
- cpe:2.3:a:aviatrix:controller:5.3.1499
- cpe:2.3:a:aviatrix:controller:5.3.1516
- cpe:2.3:a:aviatrix:controller:5.3.1524
- cpe:2.3:a:aviatrix:controller:5.4.1066
- cpe:2.3:a:aviatrix:controller:5.4.1074
- cpe:2.3:a:aviatrix:controller:5.4.1140
- cpe:2.3:a:aviatrix:controller:5.4.1201