CVE-2021-40870 — Aviatrix Controller Unrestricted Upload of File
2022-01-18 • CISA Known Exploited Vulnerability
[event] Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | Aviatrix |
| Product | Aviatrix Controller |
| CWE | CWE-25, CWE-96 |
| CVE ID | CVE-2021-40870 |
| Date Added | 2022-01-18 |
| Due Date | 2022-02-01 |
| Ransomware Campaign | Unknown |
> MITIGATION
Apply updates per vendor instructions.
Due Date: 2022-02-01