ID

VAR-202208-1289


CVE

CVE-2022-38368


TITLE

Authentication vulnerability in Aviatrix Gateway

Trust: 0.8

sources: JVNDB: JVNDB-2022-014534

DESCRIPTION

An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands. Aviatrix Gateway contains an authentication vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Aviatrix Gateway versions prior to 6.6.5712 and 6.7.x versions prior to 6.7.1376 have security vulnerabilities.

Trust: 1.71

sources: NVD: CVE-2022-38368 // JVNDB: JVNDB-2022-014534 // VULHUB: VHN-427671

AFFECTED PRODUCTS

vendor: aviatrix, model: gateway, scope: lt, version: 6.7.1376

Trust: 1.0

vendor: aviatrix, model: gateway, scope: gte, version: 6.7.0

Trust: 1.0

vendor: aviatrix, model: gateway, scope: lt, version: 6.6.5712

Trust: 1.0

vendor: aviatrix, model: gateway, scope: eq, version: 6.6.5712

Trust: 0.8

vendor: aviatrix, model: gateway, scope: eq, version: 6.7.0 that's all 6.7.1376

Trust: 0.8

vendor: aviatrix, model: gateway, scope: eq, version: -

Trust: 0.8

vendor: aviatrix, model: gateway, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-014534 // NVD: CVE-2022-38368

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-38368
value: HIGH

Trust: 1.0

NVD: CVE-2022-38368
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202208-3114
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-38368
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-38368
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-014534 // CNNVD: CNNVD-202208-3114 // NVD: CVE-2022-38368

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.1

problemtype: Inappropriate authentication (CWE-287) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-427671 // JVNDB: JVNDB-2022-014534 // NVD: CVE-2022-38368

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202208-3114

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202208-3114

PATCH

title: Aviatrix Gateway Remediation measures for authorization problem vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=204675

Trust: 0.6

sources: CNNVD: CNNVD-202208-3114

EXTERNAL IDS

db: NVD, id: CVE-2022-38368

Trust: 3.3

db: JVNDB, id: JVNDB-2022-014534

Trust: 0.8

db: CNNVD, id: CNNVD-202208-3114

Trust: 0.7

db: VULHUB, id: VHN-427671

Trust: 0.1

sources: VULHUB: VHN-427671 // JVNDB: JVNDB-2022-014534 // CNNVD: CNNVD-202208-3114 // NVD: CVE-2022-38368

REFERENCES

url:https://docs.aviatrix.com/howtos/psirt_advisories.html#aviatrix-controller-and-gateways-unauthorized-access

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-38368

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-38368/

Trust: 0.6

sources: VULHUB: VHN-427671 // JVNDB: JVNDB-2022-014534 // CNNVD: CNNVD-202208-3114 // NVD: CVE-2022-38368

SOURCES

db: VULHUB, id: VHN-427671
db: JVNDB, id: JVNDB-2022-014534
db: CNNVD, id: CNNVD-202208-3114
db: NVD, id: CVE-2022-38368

LAST UPDATE DATE

2024-08-14T14:43:48.509000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-427671, date: 2022-08-16T00:00:00
db: JVNDB, id: JVNDB-2022-014534, date: 2023-09-20T08:28:00
db: CNNVD, id: CNNVD-202208-3114, date: 2022-08-17T00:00:00
db: NVD, id: CVE-2022-38368, date: 2022-08-16T17:14:19.127

SOURCES RELEASE DATE

db: VULHUB, id: VHN-427671, date: 2022-08-15T00:00:00
db: JVNDB, id: JVNDB-2022-014534, date: 2023-09-20T00:00:00
db: CNNVD, id: CNNVD-202208-3114, date: 2022-08-15T00:00:00
db: NVD, id: CVE-2022-38368, date: 2022-08-15T22:15:21.477