CVE-2021-40870
CVE-2021-40870
Vexday Risk Score
100Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Popular PoC on GitHub (16 stars) — exploitation code widely available.
CVSS 9.8EPSS 93.0%KEV simPoC públicaNuclei simMetasploit —Patch —
Lifecycle
13 Sep 2021Published on NVD
07 Oct 2021Public PoC
18 Jan 2022Active exploitation (CISA KEV)
Weaponization speed
24 daysto first PoC
127 daysto active exploitation (KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
The Aviatrix Controller allows anyone, without logging in, to upload dangerous files that can execute arbitrary code on the server. This happens because the system doesn't properly validate file types or prevent directory traversal attacks.
Technical detail
Aviatrix Controller 6.x before 6.5-1804.1922 suffers from an unauthenticated arbitrary file upload vulnerability combined with directory traversal. An attacker can bypass file type restrictions and write malicious files to arbitrary locations on the filesystem, achieving remote code execution without requiring authentication.
Summary generated and translated by AI from the official description.
An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 9
githubgithub.com/0xAgun/CVE-2021-40870★ 16githubgithub.com/orangmuda/CVE-2021-40870★ 3githubgithub.com/JoyGhoshs/CVE-2021-40870★ 2githubgithub.com/System00-Security/CVE-2021-40870★ 0cve_referencepacketstormsecurity.com/files/164461/Aviatrix-Controller-6.x-Path-Traversal-Code-Execution.htmlunverifiedvulncheckvulncheck.com/xdb/7c329c1f9967unverifiedvulncheckvulncheck.com/xdb/3bbd03015ca5unverifiedvulncheckvulncheck.com/xdb/cfa0cafc528dunverifiedvulncheckvulncheck.com/xdb/564210dea7a0unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/164461/Aviatrix-Controller-6.x-Path-Traversal-Code-Execution.htmlhttps://docs.aviatrix.com/HowTos/UCC_Release_Notes.html#security-note-9-11-2021https://wearetradecraft.com/advisories/tc-2021-0002/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-40870