CVE-2022-38368
First published: Mon Aug 15 2022(Updated: )
An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Aviatrix Gateway | <6.6.5712 | |
| Aviatrix Gateway | >=6.7.0<6.7.1376 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-38368?
CVE-2022-38368 is a vulnerability discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376 that allows an authenticated VPN user to inject arbitrary commands due to mishandled authentication in Gateway API functions.
What software versions are affected by CVE-2022-38368?
Aviatrix Gateway versions before 6.6.5712 and 6.7.x before 6.7.1376 are affected by CVE-2022-38368.
How severe is CVE-2022-38368?
CVE-2022-38368 has a severity rating of 8.8 (high).
How can an authenticated VPN user exploit CVE-2022-38368?
An authenticated VPN user can exploit CVE-2022-38368 by injecting arbitrary commands due to mishandled authentication in Gateway API functions.
Is there any fix or patch available for CVE-2022-38368?
The vendor has released fixes for CVE-2022-38368. It is recommended to update Aviatrix Gateway to version 6.6.5712 or 6.7.1376 to mitigate the vulnerability.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- agent/source
- vendor/aviatrix
- canonical/aviatrix gateway
- version/aviatrix gateway/6.7.0