Aviatrix CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

Known exploited Aviatrix CVE published 2025-01-16

CVE-2024-50603

CVE-2024-50603 is an Aviatrix Controllers OS command injection vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2025-01-16. Because it is listed in KEV, defenders should treat it as a priority exposure rather than a routine advisory item. CISAs required action is to apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known exploited Aviatrix CVE published 2022-01-18

CVE-2021-40870

CVE-2021-40870 is a vulnerability in Aviatrix Controller described as an unrestricted file upload issue. CISA lists it in the Known Exploited Vulnerabilities catalog, which raises the defensive urgency even though the supplied corpus does not include a full technical writeup or vendor remediation bulletin.