Vulnerability Details CVE-2020-13416
An issue was discovered in Aviatrix Controller before 5.4.1066. A Controller Web Interface session token parameter is not required on an API call, which opens the application up to a Cross-Site Request Forgery (CSRF) vulnerability for password resets.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.5%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
Products affected by CVE-2020-13416
- cpe:2.3:a:aviatrix:controller:2.5
- cpe:2.3:a:aviatrix:controller:2.6
- cpe:2.3:a:aviatrix:controller:2.7
- cpe:2.3:a:aviatrix:controller:3.0
- cpe:2.3:a:aviatrix:controller:3.1
- cpe:2.3:a:aviatrix:controller:3.2
- cpe:2.3:a:aviatrix:controller:3.3
- cpe:2.3:a:aviatrix:controller:3.4
- cpe:2.3:a:aviatrix:controller:3.5
- cpe:2.3:a:aviatrix:controller:4.0
- cpe:2.3:a:aviatrix:controller:4.1.914
- cpe:2.3:a:aviatrix:controller:4.1.946
- cpe:2.3:a:aviatrix:controller:4.2.634
- cpe:2.3:a:aviatrix:controller:4.2.740
- cpe:2.3:a:aviatrix:controller:4.2.764
- cpe:2.3:a:aviatrix:controller:4.3.1230
- cpe:2.3:a:aviatrix:controller:4.3.1262
- cpe:2.3:a:aviatrix:controller:4.3.1275
- cpe:2.3:a:aviatrix:controller:4.6.587
- cpe:2.3:a:aviatrix:controller:4.7.378
- cpe:2.3:a:aviatrix:controller:4.7.419
- cpe:2.3:a:aviatrix:controller:4.7.473
- cpe:2.3:a:aviatrix:controller:4.7.494
- cpe:2.3:a:aviatrix:controller:4.7.501
- cpe:2.3:a:aviatrix:controller:4.7.581
- cpe:2.3:a:aviatrix:controller:4.7.590
- cpe:2.3:a:aviatrix:controller:5.0.2667
- cpe:2.3:a:aviatrix:controller:5.0.2754
- cpe:2.3:a:aviatrix:controller:5.0.2768
- cpe:2.3:a:aviatrix:controller:5.0.2773
- cpe:2.3:a:aviatrix:controller:5.0.2782
- cpe:2.3:a:aviatrix:controller:5.1.1016
- cpe:2.3:a:aviatrix:controller:5.1.1183
- cpe:2.3:a:aviatrix:controller:5.1.842
- cpe:2.3:a:aviatrix:controller:5.1.845
- cpe:2.3:a:aviatrix:controller:5.1.935
- cpe:2.3:a:aviatrix:controller:5.1.943
- cpe:2.3:a:aviatrix:controller:5.1.962
- cpe:2.3:a:aviatrix:controller:5.1.969
- cpe:2.3:a:aviatrix:controller:5.1.973
- cpe:2.3:a:aviatrix:controller:5.1.989
- cpe:2.3:a:aviatrix:controller:5.2.1991
- cpe:2.3:a:aviatrix:controller:5.2.2011
- cpe:2.3:a:aviatrix:controller:5.2.2047
- cpe:2.3:a:aviatrix:controller:5.2.2071
- cpe:2.3:a:aviatrix:controller:5.2.2092
- cpe:2.3:a:aviatrix:controller:5.2.2122
- cpe:2.3:a:aviatrix:controller:5.3
- cpe:2.3:a:aviatrix:controller:5.3.1391
- cpe:2.3:a:aviatrix:controller:5.3.1399
- cpe:2.3:a:aviatrix:controller:5.3.1428
- cpe:2.3:a:aviatrix:controller:5.3.1468
- cpe:2.3:a:aviatrix:controller:5.3.1491
- cpe:2.3:a:aviatrix:controller:5.3.1499
- cpe:2.3:a:aviatrix:controller:5.3.1516
- cpe:2.3:a:aviatrix:controller:5.3.1524