ID CVE-2020-13413
Summary An issue was discovered in Aviatrix Controller before 5.4.1204. There is an Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force.
References
Vulnerable Configurations
  • cpe:2.3:a:aviatrix:controller:2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:4.1.914:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:4.1.946:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:4.2.634:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:4.2.740:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:4.2.764:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:4.3.1230:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:4.3.1262:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:4.3.1275:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:4.6.587:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:4.7.378:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:4.7.419:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:4.7.473:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:4.7.494:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:4.7.501:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:4.7.581:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:4.7.590:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:5.0.2667:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:5.0.2754:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:5.0.2768:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:5.0.2773:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:5.0.2782:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:5.1.842:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:5.1.845:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:5.1.935:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:5.1.943:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:5.1.962:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:5.1.969:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:5.1.973:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:5.1.989:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:5.1.1016:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:5.1.1183:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:5.2.1991:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:5.2.2011:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:5.2.2047:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:5.2.2071:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:5.2.2092:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:5.2.2122:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:5.3.1391:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:5.3.1399:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:5.3.1428:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:5.3.1468:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:5.3.1491:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:5.3.1499:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:5.3.1516:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:5.3.1524:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:5.4.1066:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:5.4.1074:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:5.4.1140:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:controller:5.4.1201:*:*:*:*:*:*:*
  • cpe:2.3:a:aviatrix:vpn_client:2.8.2:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 01-12-2021 - 01:33)
Impact:
Exploitability:
CWE CWE-203
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
misc
Last major update 01-12-2021 - 01:33
Published 22-05-2020 - 21:15
Last modified 01-12-2021 - 01:33