Vulnerability Details CVE-2020-13413
An issue was discovered in Aviatrix Controller before 5.4.1204. There is a Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.4%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
- https://docs.aviatrix.com/HowTos/security_bulletin_article.html#observable-response-discrepancy-from-api
- https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix/
- https://docs.aviatrix.com/HowTos/security_bulletin_article.html#observable-response-discrepancy-from-api
- https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix/
Products affected by CVE-2020-13413
-
cpe:2.3:a:aviatrix:controller:2.5
-
cpe:2.3:a:aviatrix:controller:2.6
-
cpe:2.3:a:aviatrix:controller:2.7
-
cpe:2.3:a:aviatrix:controller:3.0
-
cpe:2.3:a:aviatrix:controller:3.1
-
cpe:2.3:a:aviatrix:controller:3.2
-
cpe:2.3:a:aviatrix:controller:3.3
-
cpe:2.3:a:aviatrix:controller:3.4
-
cpe:2.3:a:aviatrix:controller:3.5
-
cpe:2.3:a:aviatrix:controller:4.0
-
cpe:2.3:a:aviatrix:controller:4.1.914
-
cpe:2.3:a:aviatrix:controller:4.1.946
-
cpe:2.3:a:aviatrix:controller:4.2.634
-
cpe:2.3:a:aviatrix:controller:4.2.740
-
cpe:2.3:a:aviatrix:controller:4.2.764
-
cpe:2.3:a:aviatrix:controller:4.3.1230
-
cpe:2.3:a:aviatrix:controller:4.3.1262
-
cpe:2.3:a:aviatrix:controller:4.3.1275
-
cpe:2.3:a:aviatrix:controller:4.6.587
-
cpe:2.3:a:aviatrix:controller:4.7.378
-
cpe:2.3:a:aviatrix:controller:4.7.419
-
cpe:2.3:a:aviatrix:controller:4.7.473
-
cpe:2.3:a:aviatrix:controller:4.7.494
-
cpe:2.3:a:aviatrix:controller:4.7.501
-
cpe:2.3:a:aviatrix:controller:4.7.581
-
cpe:2.3:a:aviatrix:controller:4.7.590
-
cpe:2.3:a:aviatrix:controller:5.0.2667
-
cpe:2.3:a:aviatrix:controller:5.0.2754
-
cpe:2.3:a:aviatrix:controller:5.0.2768
-
cpe:2.3:a:aviatrix:controller:5.0.2773
-
cpe:2.3:a:aviatrix:controller:5.0.2782
-
cpe:2.3:a:aviatrix:controller:5.1.1016
-
cpe:2.3:a:aviatrix:controller:5.1.1183
-
cpe:2.3:a:aviatrix:controller:5.1.842
-
cpe:2.3:a:aviatrix:controller:5.1.845
-
cpe:2.3:a:aviatrix:controller:5.1.935
-
cpe:2.3:a:aviatrix:controller:5.1.943
-
cpe:2.3:a:aviatrix:controller:5.1.962
-
cpe:2.3:a:aviatrix:controller:5.1.969
-
cpe:2.3:a:aviatrix:controller:5.1.973
-
cpe:2.3:a:aviatrix:controller:5.1.989
-
cpe:2.3:a:aviatrix:controller:5.2.1991
-
cpe:2.3:a:aviatrix:controller:5.2.2011
-
cpe:2.3:a:aviatrix:controller:5.2.2047
-
cpe:2.3:a:aviatrix:controller:5.2.2071
-
cpe:2.3:a:aviatrix:controller:5.2.2092
-
cpe:2.3:a:aviatrix:controller:5.2.2122
-
cpe:2.3:a:aviatrix:controller:5.3
-
cpe:2.3:a:aviatrix:controller:5.3.1391
-
cpe:2.3:a:aviatrix:controller:5.3.1399
-
cpe:2.3:a:aviatrix:controller:5.3.1428
-
cpe:2.3:a:aviatrix:controller:5.3.1468
-
cpe:2.3:a:aviatrix:controller:5.3.1491
-
cpe:2.3:a:aviatrix:controller:5.3.1499
-
cpe:2.3:a:aviatrix:controller:5.3.1516
-
cpe:2.3:a:aviatrix:controller:5.3.1524
-
cpe:2.3:a:aviatrix:controller:5.4.1066
-
cpe:2.3:a:aviatrix:controller:5.4.1074
-
cpe:2.3:a:aviatrix:controller:5.4.1140
-
cpe:2.3:a:aviatrix:controller:5.4.1201
-
cpe:2.3:a:aviatrix:vpn_client:2.8.2