CVE-2020-13413

Опубликовано: 22 мая 2020

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in Aviatrix Controller before 5.4.1204. There is a Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force.

Ссылки

https://docs.aviatrix.com/HowTos/security_bulletin_article.html#observable-response-discrepancy-from-api
Vendor Advisory
https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix/
Exploit
Third Party Advisory
https://docs.aviatrix.com/HowTos/security_bulletin_article.html#observable-response-discrepancy-from-api
Vendor Advisory
https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:aviatrix:controller:*:*:*:*:*:*:*:*

Версия до 5.4.1204 (исключая)

cpe:2.3:a:aviatrix:vpn_client:2.8.2:*:*:*:*:*:*:*

EPSS

Процентиль: 59%

0.00376

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-203

Связанные уязвимости

GHSA-8c4p-575f-fq4h

github

больше 3 лет назад