Arbitrary Command Injection Vulnerability in Aviatrix Gateway

Arbitrary Command Injection Vulnerability in Aviatrix Gateway

CVE-2022-38368 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands.

Learn more about our Api Penetration Testing.