CVE-2022-38368

2022-08-1520:59:09

mitre

www.cve.org

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.8%

JSON

An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands.

References

docs.aviatrix.com/HowTos/PSIRT_Advisories.html#aviatrix-controller-and-gateways-unauthorized-access