Authentication Flaw in Aviatrix Gateway Products Exposes Command Injection Risk
CVE-2022-38368
8.8 HIGH
Summary
A vulnerability in Aviatrix Gateway stems from improper handling of authentication within the Gateway API functions. An authenticated VPN user can exploit it to inject arbitrary commands, potentially compromising the affected system. Aviatrix Gateway versions prior to 6.6.5712, and 6.7.x versions prior to 6.7.1376, are affected; operators of those versions should be aware of this vulnerability and implement the recommended security measures.
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved