2nd March 2021.
A vulnerability in Ava Cloud made it possible for an unauthenticated attacker to create Ava Aware Cloud deployments. This could prevent legitimate users from creating Ava Aware Cloud deployments and deny access to existing deployments.
- Ava Cloud: After 30th September 2020 but before 2nd March 2021.
- Ava Aware: All versions.
- Ava Cameras: All versions.
- Ava Cloud: From 2nd March 2021.
A fix was deployed to the Ava Cloud on 2nd March 2021. Ava Cloud customers do not need to take any additional action.
There are no known mitigations for this issue.
There are no known work arounds for this issue.
Issue found internally by Ava Security.
- 25/02/2021 Issue found internally by Ava Security
- 25/02/2021 Root cause established
- 25/02/2021 Fix identified
- 02/03/2021 Patched Ava Cloud released
- 02/03/2021 Vulnerability publicly disclosed