CVE-2021-40870: Aviatrix Controller Unrestricted Upload of File
First published: Mon Sep 13 2021(Updated: )
An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Aviatrix Controller | ||
| Aviatrix Controllers | >=6.2<6.2.2043 | |
| Aviatrix Controllers | >=6.3<6.3.2490 | |
| Aviatrix Controllers | >=6.4<6.4.2838 | |
| Aviatrix Controllers | >=6.5<6.5.1922 | |
| >=6.2<6.2.2043 | ||
| >=6.3<6.3.2490 | ||
| >=6.4<6.4.2838 | ||
| >=6.5<6.5.1922 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/164461/Aviatrix-Controller-6.x-Path-Traversal-Code-Execution.html
- https://docs.aviatrix.com/HowTos/UCC_Release_Notes.html#security-note-9-11-2021
- https://wearetradecraft.com/advisories/tc-2021-0002/
- https://nvd.nist.gov/vuln/detail/CVE-2021-40870
- https://www.theregister.com/2025/01/13/severe_aviatrix_controller_vulnerability/
Frequently Asked Questions
What is CVE-2021-40870?
CVE-2021-40870 is a vulnerability in Aviatrix Controller that allows an unauthenticated user to execute arbitrary code via directory traversal.
How severe is CVE-2021-40870?
CVE-2021-40870 has a severity rating of 9.8 (critical).
Which software versions are affected by CVE-2021-40870?
Aviatrix Controller versions 6.2 before 6.2.2043, 6.3 before 6.3.2490, 6.4 before 6.4.2838, and 6.5 before 6.5.1922 are affected by CVE-2021-40870.
How can an unauthenticated user exploit CVE-2021-40870?
An unauthenticated user can exploit CVE-2021-40870 by uploading a file with a dangerous type through a directory traversal attack.
Are there any references for CVE-2021-40870?
Yes, you can find references for CVE-2021-40870 at the following links: [Link 1](http://packetstormsecurity.com/files/164461/Aviatrix-Controller-6.x-Path-Traversal-Code-Execution.html), [Link 2](https://docs.aviatrix.com/HowTos/UCC_Release_Notes.html#security-note-9-11-2021), [Link 3](https://wearetradecraft.com/advisories/tc-2021-0002/).
- agent/type
- agent/title
- agent/severity
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/author
- agent/softwarecombine
- collector/the-register
- source/The Register
- alias/CVE-2024-50603
- alias/CVE-2021-40870
- agent/references
- agent/trending
- agent/source
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-api
- source/NVD
- collector/nvd-cve
- vendor/aviatrix
- canonical/aviatrix controller
- canonical/aviatrix controllers
- version/aviatrix controllers/6.2
- version/aviatrix controllers/6.3
- version/aviatrix controllers/6.4
- version/aviatrix controllers/6.5