PT-2022-24390 · Aviatrix · Aviatrix Gateway
Published: 2022-08-15 · Updated: 2022-08-16 · CVE-2022-38368
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Aviatrix Gateway versions prior to 6.6.5712
Aviatrix Gateway versions 6.7.x prior to 6.7.1376
Description
An issue was discovered in Aviatrix Gateway where Gateway API functions mishandle authentication. This allows an authenticated VPN user to inject arbitrary commands.
Recommendations
For Aviatrix Gateway versions prior to 6.6.5712, update to version 6.6.5712 or later.
For Aviatrix Gateway versions 6.7.x prior to 6.7.1376, update to version 6.7.1376 or later.
As a temporary workaround, consider restricting access to the Gateway API functions until a patch is available.
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Aviatrix Gateway