CVE-2020-27568: 
Aviatrix Controller vulnerability analysis and mitigation

Insecure File Permissions vulnerability (CVE-2020-27568) was discovered in Aviatrix Controller version 5.3.1516. The vulnerability involves several world writable files and directories being found in the controller resource. Aviatrix notes that while this vulnerability exists, all Aviatrix appliances are fully encrypted as an extra layer of security (Aviatrix Docs).

The vulnerability is rated as MEDIUM severity with a CVSS v3.1 base score of 7.5 HIGH (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). The issue stems from incorrect permission assignments that allowed world-writable access to several files and directories in the controller resource (NVD).

The vulnerability could allow unauthorized modification of affected files and directories due to excessive permissions, potentially compromising the integrity of the controller resource. However, the impact is partially mitigated by the fact that all Aviatrix appliances are fully encrypted (Aviatrix Docs).

The vulnerability was fixed in Controller R5.4.1290 (released 8/5/2020) and later versions. Users should upgrade their Aviatrix Controller to this version or newer to resolve the security issue (Aviatrix Docs).