CVE-2020-13415

Published: May 22, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered in Aviatrix Controller through 5.1. An attacker with any signed SAML assertion from the Identity Provider can establish a connection (even if that SAML assertion has expired or is from a user who is not authorized to access Aviatrix), aka XML Signature Wrapping.

Affected (1)

Products: Aviatrix: Controller

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Aviatrix Controller	Up to 5.1

Related CWEs

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (2)

https://docs.aviatrix.com/HowTos/security_bulletin_article.html#xml-signature-wrapping-in-saml

Source: cve@mitre.org

ExploitVendor Advisory

https://docs.aviatrix.com/HowTos/security_bulletin_article.html#xml-signature-wrapping-in-saml

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

Timeline

No history available yet.