CVE-2020-26550

HIGH

Aviatrix Controller <R5.3.1151 - Info Disclosure

Title source: llm

Description

An issue was discovered in Aviatrix Controller before R5.3.1151. An encrypted file containing credentials to unrelated systems is protected by a three-character key.

References (1)

[Exploit, Third Party Advisory] https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix/

Scores

CVSS v3 7.5

EPSS 0.0024

EPSS Percentile 47.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-330

Status published

Products (1)

aviatrix/controller 5.3.1516

Published Nov 17, 2020

Tracked Since Feb 18, 2026