Avi Load Balancer: VMware Avi Load Balancer contains a remote code execution vulnerability.
Summary
VMware Avi Load Balancer contains a remote code execution vulnerability. A malicious user with network access may be able to access the Avi Control plane and execute code remotely. Affected versions: 32.1.1 (fixed in 32.1.2) 31.1.1 through 31.2.2 (fixed in 31.2.2-2p3) 30.1.1 through 30.2.6 (fixed in 30.2.7) 22.1.1 through 22.1.7 (fixed in 30.2.7)
What this means
In plain English
VMware Avi Load Balancer contains a remote code execution vulnerability. A malicious user with network access may be able to access the Avi Control plane and execute code remotely. Affected versions: 32.1.1 (fixed in 32.1.2) 31.1.1 through 31.2.2 (fixed in 31.2.2-2p3) 30.1.1 through 30.2.6 (fixed in 30.2.7) 22.1.1 through 22.1.7 (fixed in 30.2.7) Successful exploitation can let an attacker run code in the security context of the affected service or device.
Recommended action
Primary action: update to a vendor-listed fixed release: 32.1.1, 32.1.2, 31.1.1, 31.2.2, 30.1.1, 30.2.6, 30.2.7, 22.1.1, 22.1.7.
Rewritten locally from the scraped official advisory data above; no generative API is used. The vendor advisory is authoritative.
- Avi Load Balancer 32.1.1
- Avi Load Balancer 31.1.1 through 31.2.2
- Avi Load Balancer 30.1.1 through 30.2.6
- Avi Load Balancer 22.1.1 through 22.1.7
Official advisory · high-confidence parse· fetched 3 hours ago·verify at source
- 32.1.1
- 32.1.2
- 31.1.1
- 31.2.2
- 30.1.1
- 30.2.6
- 30.2.7
- 22.1.1
- 22.1.7
Official advisory · high-confidence parse· fetched 3 hours ago·verify at source
Mitigation
Upgrade to a fixed release: 32.1.1, 32.1.2, 31.1.1, 31.2.2, 30.1.1, 30.2.6. That is the remediation for this advisory.
The vendor advisory may list additional interim mitigations or workarounds not captured here — review it before change work.
Official advisory · high-confidence parse· fetched 3 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.