CVE-2022-38368 Information

Description

An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication an authenticated VPN user can inject arbitrary commands.

Reference

https://docs.aviatrix.com/HowTos/PSIRT_Advisories.html#aviatrix-controller-and-gateways-unauthorized-access