Aviatrix


Products by Aviatrix Sorted by Most Security Vulnerabilities since 2018

Aviatrix Controller: 12 vulnerabilities
Aviatrix Gateway: 2 vulnerabilities
Aviatrix Openvpn: 2 vulnerabilities
Aviatrix Vpn Client: 1 vulnerability

Known Exploited Aviatrix Vulnerabilities

The following Aviatrix vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

| Title | CVE | Exploit Probability | Description | Added |
|---|---|---|---|---|
| Aviatrix Controllers OS Command Injection Vulnerability | CVE-2024-50603 | 94.4% | Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test. | January 16, 2025 |
| Aviatrix Controller Unrestricted Upload of File | CVE-2021-40870 | 94.2% | Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal. | January 18, 2022 |

Of the known exploited vulnerabilities above, 2 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings.

By the Year

In 2026 there have been 0 vulnerabilities in Aviatrix. Last year, in 2025, Aviatrix had 2 security vulnerabilities published. Right now, Aviatrix is on track to have fewer security vulnerabilities in 2026 than it did last year.




Year Vulnerabilities Average Score
2026 0 0.00
2025 2 10.00
2024 0 0.00
2023 0 0.00
2022 1 8.80
2021 3 8.27
2020 9 7.68

It may take a day or so for new Aviatrix vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Aviatrix Security Vulnerabilities

| CVE | Date | Title | Description | Products |
|---|---|---|---|---|
| CVE-2025-2171 | Jun 23, 2025 | Aviatrix Controller <7.1.4208,7.2.5090,8.0.0 - No Rate Limiting on Reset PIN(BF) | Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 do not enforce rate limiting on password reset attempts, allowing adversaries to brute force guess the 6-digit password reset PIN. | Controller |
| CVE-2024-50603 | Jan 08, 2025 | Aviatrix Controller <=7.1.4191 Cmd Inject via /v1/api (CVE-2024-50603) | An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test. | Controller |
| CVE-2022-38368 | Aug 15, 2022 | Aviatrix Gateway Auth Bypass Cmd Injection (6.6.5712 & <6.7.1376) | An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands. | Gateway |
| CVE-2021-40870 | Sep 13, 2021 | An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922 | An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal. | Controller |
| CVE-2020-27568 | Apr 21, 2021 | Insecure File Permissions exist in Aviatrix Controller 5.3.1516 | Insecure File Permissions exist in Aviatrix Controller 5.3.1516. Several world writable files and directories were found in the controller resource. Note: All Aviatrix appliances are fully encrypted. This is an extra layer of security. | Controller |
| CVE-2020-27569 | Apr 21, 2021 | Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier | Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file on the system. | Openvpn |
| CVE-2020-26548 | Nov 17, 2020 | An issue was discovered in Aviatrix Controller before R5.4.1290 | An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system. | Controller |
| CVE-2020-26549 | Nov 17, 2020 | An issue was discovered in Aviatrix Controller before R5.4.1290 | An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to directories can be bypassed for file downloading. | Controller |
| CVE-2020-26550 | Nov 17, 2020 | An issue was discovered in Aviatrix Controller before R5.3.1151 | An issue was discovered in Aviatrix Controller before R5.3.1151. An encrypted file containing credentials to unrelated systems is protected by a three-character key. | Controller |
| CVE-2020-26551 | Nov 17, 2020 | An issue was discovered in Aviatrix Controller before R5.3.1151 | An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file. | Controller |
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).