CVE-2022-38368
HIGH
Aviatrix Gateway <6.6.5712-6.7.1376 - Command Injection
Title source: llm
Description
An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands.
References (1)
Core References
Vendor Advisory x_refsource_misc
https://docs.aviatrix.com/HowTos/PSIRT_Advisories.html#aviatrix-controller-and-gateways-unauthorized-access
Scores
CVSS v3
8.8
EPSS
0.0067
EPSS Percentile
47.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (1)
aviatrix/gateway
< 6.6.5712
Published
Aug 15, 2022
Tracked Since
Feb 18, 2026