14th March 2022.
An attacker with access to an Ava Aware deployment could claim servers that belong to another deployment.
This vulnerability has not been exploited and no servers have been affected.
- Ava Cloud: before 13th December 2021.
- Ava Aware: all versions.
- Ava Cameras: all versions.
- Ava Cloud: from 13th December 2021.
A fix was deployed to the Ava Cloud on 13th December 2021. Ava Cloud customers do not need to take any additional action.
- CVE: pending
- CVSSv3 score: 8.5 (High)
- CVSSv3 vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
There are no known mitigations for this issue.
There are no known work arounds for this issue.
- 02/12/2021 Issue found internally by Ava Security
- 02/12/2021 Root cause established
- 08/12/2021 Fix identified
- 13/12/2021 Patched Ava Cloud released
- 14/03/2022 Vulnerability publicly disclosed