CVE-2022-38368

EPSS 0.43%
Veröffentlicht 15.08.2022 22:15:21
Zuletzt bearbeitet 21.11.2024 07:16:20
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Aviatrix ≫ Gateway Version < 6.6.5712

Aviatrix ≫ Gateway Version >= 6.7.0 < 6.7.1376

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.43%	0.621

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://docs.aviatrix.com/HowTos/PSIRT_Advisories.html#aviatrix-controller-and-gateways-unauthorized-access

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-38368

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-38368

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-38368

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-38368