Ava-460: Serial number could be leaked in man-in-the-middle attack

Release Date

14th March 2022.


Under specific video streaming circumstances the Aware instance serial number may be leaked during the Ava Smart Path negotiation.

Affected Products

  • Ava Cloud: before 28th June 2021.

Unaffected Products

  • Ava Aware: all versions.
  • Ava cameras: all versions.
  • Ava Cloud: from 28th June 2021.


A fix was deployed to the Ava Cloud on 28th June 2021. Ava Cloud customers do not need to take any additional action.

Vulnerability Information


There are no known mitigations for this issue.

Work arounds

There are no known work arounds for this issue.


Issue found internally by Ava Security.

Disclosure Timeline

  • 17/06/2021 Issue found internally by Ava Security
  • 17/06/2021 Root cause established
  • 17/06/2021 Fix identified
  • 28/06/2021 Patched Ava Cloud released
  • 14/03/2022 Vulnerability publicly disclosed