CVE-2022-38368

2022-08-1520:59:09

mitre

www.cve.org

aviatrix gateway

authentication

injection

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

42.8%

JSON

An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands.

References

docs.aviatrix.com/HowTos/PSIRT_Advisories.html#aviatrix-controller-and-gateways-unauthorized-access