Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-38368

An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands.

Published

2022-08-15T22:15:21.477

Last Modified

2024-11-21T07:16:20.010

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Primary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	aviatrix	gateway	< 6.6.5712	Yes
Application	aviatrix	gateway	< 6.7.1376	Yes

References

https://docs.aviatrix.com/HowTos/PSIRT_Advisories.html#aviatrix-controller-and-gateways-unauthorized-access Vendor Advisory ([email protected])
https://docs.aviatrix.com/HowTos/PSIRT_Advisories.html#aviatrix-controller-and-gateways-unauthorized-access Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)