var-202208-1289
Vulnerability from variot
An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands. Aviatrix of Gateway There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Aviatrix Gateway versions prior to 6.6.5712 and 6.7.x versions prior to 6.7.1376 have security vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-1289",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "aviatrix",
"version": "6.7.1376"
},
{
"model": "gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "aviatrix",
"version": "6.7.0"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "aviatrix",
"version": "6.6.5712"
},
{
"model": "gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "aviatrix",
"version": "6.6.5712"
},
{
"model": "gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "aviatrix",
"version": "6.7.0 that\u0027s all 6.7.1376"
},
{
"model": "gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "aviatrix",
"version": null
},
{
"model": "gateway",
"scope": null,
"trust": 0.8,
"vendor": "aviatrix",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014534"
},
{
"db": "NVD",
"id": "CVE-2022-38368"
}
]
},
"cve": "CVE-2022-38368",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-38368",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-38368",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-38368",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-38368",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-3114",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014534"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3114"
},
{
"db": "NVD",
"id": "CVE-2022-38368"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands. Aviatrix of Gateway There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Aviatrix Gateway versions prior to 6.6.5712 and 6.7.x versions prior to 6.7.1376 have security vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-38368"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014534"
},
{
"db": "VULHUB",
"id": "VHN-427671"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-38368",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014534",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3114",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-427671",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427671"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014534"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3114"
},
{
"db": "NVD",
"id": "CVE-2022-38368"
}
]
},
"id": "VAR-202208-1289",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-427671"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:43:48.509000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Aviatrix Gateway Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=204675"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-3114"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.1
},
{
"problemtype": "Inappropriate authentication (CWE-287) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427671"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014534"
},
{
"db": "NVD",
"id": "CVE-2022-38368"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://docs.aviatrix.com/howtos/psirt_advisories.html#aviatrix-controller-and-gateways-unauthorized-access"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-38368"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-38368/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427671"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014534"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3114"
},
{
"db": "NVD",
"id": "CVE-2022-38368"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-427671"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014534"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3114"
},
{
"db": "NVD",
"id": "CVE-2022-38368"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-15T00:00:00",
"db": "VULHUB",
"id": "VHN-427671"
},
{
"date": "2023-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-014534"
},
{
"date": "2022-08-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-3114"
},
{
"date": "2022-08-15T22:15:21.477000",
"db": "NVD",
"id": "CVE-2022-38368"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-16T00:00:00",
"db": "VULHUB",
"id": "VHN-427671"
},
{
"date": "2023-09-20T08:28:00",
"db": "JVNDB",
"id": "JVNDB-2022-014534"
},
{
"date": "2022-08-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-3114"
},
{
"date": "2022-08-16T17:14:19.127000",
"db": "NVD",
"id": "CVE-2022-38368"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-3114"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aviatrix\u00a0 of \u00a0Gateway\u00a0 Authentication vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014534"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-3114"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…