Vulnerability Details CVE-2020-13417
An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224. This affects Linux, macOS, and Windows installations for certain OpenSSL parameters.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 77.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://docs.aviatrix.com/HowTos/security_bulletin_article.html#openvpn-client-elevation-of-privilege
- https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix/
- https://docs.aviatrix.com/HowTos/security_bulletin_article.html#openvpn-client-elevation-of-privilege
- https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix/
Products affected by CVE-2020-13417
-
cpe:2.3:a:aviatrix:controller:2.5
-
cpe:2.3:a:aviatrix:controller:2.6
-
cpe:2.3:a:aviatrix:controller:2.7
-
cpe:2.3:a:aviatrix:controller:3.0
-
cpe:2.3:a:aviatrix:controller:3.1
-
cpe:2.3:a:aviatrix:controller:3.2
-
cpe:2.3:a:aviatrix:controller:3.3
-
cpe:2.3:a:aviatrix:controller:3.4
-
cpe:2.3:a:aviatrix:controller:3.5
-
cpe:2.3:a:aviatrix:controller:4.0
-
cpe:2.3:a:aviatrix:controller:4.1.914
-
cpe:2.3:a:aviatrix:controller:4.1.946
-
cpe:2.3:a:aviatrix:controller:4.2.634
-
cpe:2.3:a:aviatrix:controller:4.2.740
-
cpe:2.3:a:aviatrix:controller:4.2.764
-
cpe:2.3:a:aviatrix:controller:4.3.1230
-
cpe:2.3:a:aviatrix:controller:4.3.1262
-
cpe:2.3:a:aviatrix:controller:4.3.1275
-
cpe:2.3:a:aviatrix:controller:4.6.587
-
cpe:2.3:a:aviatrix:controller:4.7.378
-
cpe:2.3:a:aviatrix:controller:4.7.419
-
cpe:2.3:a:aviatrix:controller:4.7.473
-
cpe:2.3:a:aviatrix:controller:4.7.494
-
cpe:2.3:a:aviatrix:controller:4.7.501
-
cpe:2.3:a:aviatrix:controller:4.7.581
-
cpe:2.3:a:aviatrix:controller:4.7.590
-
cpe:2.3:a:aviatrix:controller:5.0.2667
-
cpe:2.3:a:aviatrix:controller:5.0.2754
-
cpe:2.3:a:aviatrix:controller:5.0.2768
-
cpe:2.3:a:aviatrix:controller:5.0.2773
-
cpe:2.3:a:aviatrix:controller:5.0.2782
-
cpe:2.3:a:aviatrix:controller:5.1.1016
-
cpe:2.3:a:aviatrix:controller:5.1.1183
-
cpe:2.3:a:aviatrix:controller:5.1.842
-
cpe:2.3:a:aviatrix:controller:5.1.845
-
cpe:2.3:a:aviatrix:controller:5.1.935
-
cpe:2.3:a:aviatrix:controller:5.1.943
-
cpe:2.3:a:aviatrix:controller:5.1.962
-
cpe:2.3:a:aviatrix:controller:5.1.969
-
cpe:2.3:a:aviatrix:controller:5.1.973
-
cpe:2.3:a:aviatrix:controller:5.1.989
-
cpe:2.3:a:aviatrix:controller:5.2.1991
-
cpe:2.3:a:aviatrix:controller:5.2.2011
-
cpe:2.3:a:aviatrix:controller:5.2.2047
-
cpe:2.3:a:aviatrix:controller:5.2.2071
-
cpe:2.3:a:aviatrix:controller:5.2.2092
-
cpe:2.3:a:aviatrix:controller:5.2.2122
-
cpe:2.3:a:aviatrix:gateway:-
-
cpe:2.3:a:aviatrix:gateway:2.5
-
cpe:2.3:a:aviatrix:gateway:2.6
-
cpe:2.3:a:aviatrix:gateway:2.7
-
cpe:2.3:a:aviatrix:gateway:3.0
-
cpe:2.3:a:aviatrix:gateway:3.1
-
cpe:2.3:a:aviatrix:gateway:3.2
-
cpe:2.3:a:aviatrix:gateway:3.3
-
cpe:2.3:a:aviatrix:gateway:3.4
-
cpe:2.3:a:aviatrix:gateway:3.5
-
cpe:2.3:a:aviatrix:gateway:4.0
-
cpe:2.3:a:aviatrix:gateway:5.0.2667
-
cpe:2.3:a:aviatrix:vpn_client:-
-
cpe:2.3:a:aviatrix:vpn_client:1.0
-
cpe:2.3:a:aviatrix:vpn_client:1.1
-
cpe:2.3:a:aviatrix:vpn_client:1.10.6
-
cpe:2.3:a:aviatrix:vpn_client:1.2
-
cpe:2.3:a:aviatrix:vpn_client:1.3
-
cpe:2.3:a:aviatrix:vpn_client:1.4
-
cpe:2.3:a:aviatrix:vpn_client:1.5
-
cpe:2.3:a:aviatrix:vpn_client:1.6
-
cpe:2.3:a:aviatrix:vpn_client:1.7
-
cpe:2.3:a:aviatrix:vpn_client:1.8
-
cpe:2.3:a:aviatrix:vpn_client:1.9
-
cpe:2.3:a:aviatrix:vpn_client:2.0.3
-
cpe:2.3:a:aviatrix:vpn_client:2.1.3
-
cpe:2.3:a:aviatrix:vpn_client:2.2.10
-
cpe:2.3:a:aviatrix:vpn_client:2.3.10
-
cpe:2.3:a:aviatrix:vpn_client:2.4.10
-
cpe:2.3:a:aviatrix:vpn_client:2.5.7
-
cpe:2.3:a:aviatrix:vpn_client:2.8.2
-
cpe:2.3:o:apple:macos:-
-
cpe:2.3:o:linux:linux_kernel:-
-
cpe:2.3:o:microsoft:windows:-