Vulnerabilities related to aviatrix - gateway
var-202005-1047
Vulnerability from variot
An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software. Aviatrix Systems Controller is a centralized control panel for the business processes and management of Aviatrix Systems solutions, developed by Aviatrix Systems in the United States. A remote attacker could exploit this vulnerability to obtain sensitive information.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202005-1047", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "gateway", "scope": "lt", "trust": 1.0, "vendor": "aviatrix", "version": "5.4.1204" }, { "model": "controller", "scope": "lt", "trust": 1.0, "vendor": "aviatrix", "version": "5.4.1204" }, { "model": "controller", "scope": "eq", "trust": 0.8, "vendor": 
"aviatrix", "version": "5.4.1204" }, { "model": "gateway", "scope": null, "trust": 0.8, "vendor": "aviatrix", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005852" }, { "db": "NVD", "id": "CVE-2020-13414" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:aviatrix:controller:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.4.1204", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:aviatrix:gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.4.1204", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-13414" } ] }, "cve": "CVE-2020-13414", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, 
"severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-005852", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-166190", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-005852", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": 
"CVE-2020-13414", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "JVNDB-2020-005852", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202005-1150", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-166190", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-166190" }, { "db": "JVNDB", "id": "JVNDB-2020-005852" }, { "db": "NVD", "id": "CVE-2020-13414" }, { "db": "CNNVD", "id": "CNNVD-202005-1150" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software. Aviatrix Systems Controller is a centralized control panel for the business process and management of Aviatrix Systems solutions from Aviatrix Systems in the United States. A remote attacker could exploit this vulnerability to obtain sensitive information", "sources": [ { "db": "NVD", "id": "CVE-2020-13414" }, { "db": "JVNDB", "id": "JVNDB-2020-005852" }, { "db": "VULHUB", "id": "VHN-166190" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-13414", "trust": 2.5 }, { "db": "JVNDB", "id": "JVNDB-2020-005852", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202005-1150", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-166190", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-166190" }, { "db": "JVNDB", "id": "JVNDB-2020-005852" }, { "db": "NVD", "id": "CVE-2020-13414" }, { "db": "CNNVD", "id": "CNNVD-202005-1150" } ] }, "id": "VAR-202005-1047", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-166190" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T13:56:13.839000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "PSIRT Advisories", "trust": 0.8, "url": "https://docs.aviatrix.com/howtos/security_bulletin_article.html#clean-up-old-code" }, { "title": "Aviatrix Systems Controller Repair measures for information disclosure vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=119855" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005852" }, { "db": "CNNVD", "id": "CNNVD-202005-1150" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-798", "trust": 1.1 }, { "problemtype": "CWE-522", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-166190" }, { "db": "JVNDB", "id": "JVNDB-2020-005852" }, { "db": "NVD", "id": "CVE-2020-13414" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://docs.aviatrix.com/howtos/security_bulletin_article.html#clean-up-old-code" }, { "trust": 1.7, "url": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix/" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13414" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13414" } ], "sources": [ { "db": "VULHUB", "id": "VHN-166190" }, { 
"db": "JVNDB", "id": "JVNDB-2020-005852" }, { "db": "NVD", "id": "CVE-2020-13414" }, { "db": "CNNVD", "id": "CNNVD-202005-1150" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-166190" }, { "db": "JVNDB", "id": "JVNDB-2020-005852" }, { "db": "NVD", "id": "CVE-2020-13414" }, { "db": "CNNVD", "id": "CNNVD-202005-1150" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-05-22T00:00:00", "db": "VULHUB", "id": "VHN-166190" }, { "date": "2020-06-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-005852" }, { "date": "2020-05-22T21:15:12.753000", "db": "NVD", "id": "CVE-2020-13414" }, { "date": "2020-05-22T00:00:00", "db": "CNNVD", "id": "CNNVD-202005-1150" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-01T00:00:00", "db": "VULHUB", "id": "VHN-166190" }, { "date": "2020-06-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-005852" }, { "date": "2021-12-01T01:36:48.770000", "db": "NVD", "id": "CVE-2020-13414" }, { "date": "2021-12-02T00:00:00", "db": "CNNVD", "id": "CNNVD-202005-1150" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202005-1150" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Aviatrix Controller Vulnerability regarding inadequate protection of credentials in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005852" } ], "trust": 0.8 }, 
"type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "trust management problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202005-1150" } ], "trust": 0.6 } }
var-202208-1289
Vulnerability from variot
An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands. Aviatrix Gateway contains an authentication vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Aviatrix Gateway versions prior to 6.6.5712 and 6.7.x versions prior to 6.7.1376 have security vulnerabilities.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202208-1289", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "gateway", "scope": "lt", "trust": 1.0, "vendor": "aviatrix", "version": "6.6.5712" }, { "model": "gateway", "scope": "lt", "trust": 1.0, "vendor": "aviatrix", "version": "6.7.1376" }, { "model": "gateway", "scope": "gte", "trust": 1.0, "vendor": "aviatrix", 
"version": "6.7.0" }, { "model": "gateway", "scope": "eq", "trust": 0.8, "vendor": "aviatrix", "version": "6.6.5712" }, { "model": "gateway", "scope": "eq", "trust": 0.8, "vendor": "aviatrix", "version": "6.7.0 that\u0027s all 6.7.1376" }, { "model": "gateway", "scope": "eq", "trust": 0.8, "vendor": "aviatrix", "version": null }, { "model": "gateway", "scope": null, "trust": 0.8, "vendor": "aviatrix", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-014534" }, { "db": "NVD", "id": "CVE-2022-38368" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:aviatrix:gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.7.1376", "versionStartIncluding": "6.7.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:aviatrix:gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.6.5712", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-38368" } ] }, "cve": "CVE-2022-38368", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", 
"attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-38368", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-38368", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202208-3114", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-014534" }, { "db": "NVD", "id": "CVE-2022-38368" }, { "db": "CNNVD", "id": "CNNVD-202208-3114" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands. Aviatrix of Gateway There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. 
Aviatrix Gateway versions prior to 6.6.5712 and 6.7.x versions prior to 6.7.1376 have security vulnerabilities", "sources": [ { "db": "NVD", "id": "CVE-2022-38368" }, { "db": "JVNDB", "id": "JVNDB-2022-014534" }, { "db": "VULHUB", "id": "VHN-427671" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-38368", "trust": 3.3 }, { "db": "JVNDB", "id": "JVNDB-2022-014534", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202208-3114", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-427671", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-427671" }, { "db": "JVNDB", "id": "JVNDB-2022-014534" }, { "db": "NVD", "id": "CVE-2022-38368" }, { "db": "CNNVD", "id": "CNNVD-202208-3114" } ] }, "id": "VAR-202208-1289", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-427671" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T12:41:47.215000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Aviatrix Gateway Remediation measures for authorization problem vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=204675" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202208-3114" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-287", "trust": 1.1 }, { 
"problemtype": "Inappropriate authentication (CWE-287) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-427671" }, { "db": "JVNDB", "id": "JVNDB-2022-014534" }, { "db": "NVD", "id": "CVE-2022-38368" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://docs.aviatrix.com/howtos/psirt_advisories.html#aviatrix-controller-and-gateways-unauthorized-access" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-38368" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-38368/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-427671" }, { "db": "JVNDB", "id": "JVNDB-2022-014534" }, { "db": "NVD", "id": "CVE-2022-38368" }, { "db": "CNNVD", "id": "CNNVD-202208-3114" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-427671" }, { "db": "JVNDB", "id": "JVNDB-2022-014534" }, { "db": "NVD", "id": "CVE-2022-38368" }, { "db": "CNNVD", "id": "CNNVD-202208-3114" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-08-15T00:00:00", "db": "VULHUB", "id": "VHN-427671" }, { "date": "2023-09-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-014534" }, { "date": "2022-08-15T22:15:21.477000", "db": "NVD", "id": "CVE-2022-38368" }, { "date": "2022-08-15T00:00:00", "db": "CNNVD", "id": "CNNVD-202208-3114" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-08-16T00:00:00", "db": "VULHUB", "id": "VHN-427671" }, { "date": "2023-09-20T08:28:00", "db": "JVNDB", "id": 
"JVNDB-2022-014534" }, { "date": "2022-08-16T17:14:19.127000", "db": "NVD", "id": "CVE-2022-38368" }, { "date": "2022-08-17T00:00:00", "db": "CNNVD", "id": "CNNVD-202208-3114" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202208-3114" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Aviatrix\u00a0 of \u00a0Gateway\u00a0 Authentication vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-014534" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "authorization issue", "sources": [ { "db": "CNNVD", "id": "CNNVD-202208-3114" } ], "trust": 0.6 } }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
aviatrix | controller | * | |
aviatrix | gateway | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:aviatrix:controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "2983AC91-B14A-454D-AE24-D15675465C6B", "versionEndExcluding": "5.4.1204", "vulnerable": true }, { "criteria": "cpe:2.3:a:aviatrix:gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "906D05DB-541D-44D1-B810-8922012528B7", "versionEndExcluding": "5.4.1204", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software." }, { "lang": "es", "value": "Se detect\u00f3 un problema en Aviatrix Controller versiones anteriores a 5.4.1204. Contiene credenciales no utilizadas por el software." } ], "id": "CVE-2020-13414", "lastModified": "2024-11-21T05:01:12.380", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-05-22T21:15:12.753", "references": [ { "source": 
"cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://docs.aviatrix.com/HowTos/security_bulletin_article.html#clean-up-old-code" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://docs.aviatrix.com/HowTos/security_bulletin_article.html#clean-up-old-code" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-798" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
aviatrix | controller | * | |
aviatrix | gateway | * | |
aviatrix | vpn_client | * | |
apple | macos | - | |
linux | linux_kernel | - | |
microsoft | windows | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:aviatrix:controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "9CEA5A84-FF70-4D24-B503-F64A3B7CFF3B", "versionEndExcluding": "5.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:aviatrix:gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "5666CE84-692E-43AC-B53F-EA2848F7DF2E", "versionEndExcluding": "5.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:aviatrix:vpn_client:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F295DE8-DBB3-4681-B712-BF662065D8C4", "versionEndExcluding": "2.10.7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224. This affects Linux, macOS, and Windows installations for certain OpenSSL parameters." }, { "lang": "es", "value": "Se detect\u00f3 un problema de Elevaci\u00f3n de Privilegios en Aviatrix VPN Client versiones anteriores a 2.10.7, debido a una correcci\u00f3n incompleta para CVE-2020-7224. Esto afecta las instalaciones de Linux, macOS y Windows para determinados par\u00e1metros OpenSSL." 
} ], "id": "CVE-2020-13417", "lastModified": "2024-11-21T05:01:12.817", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-05-22T21:15:12.973", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://docs.aviatrix.com/HowTos/security_bulletin_article.html#openvpn-client-elevation-of-privilege" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://docs.aviatrix.com/HowTos/security_bulletin_article.html#openvpn-client-elevation-of-privilege" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": 
[ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:aviatrix:gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "00772B7A-F070-414C-A629-EAC53A45D150", "versionEndExcluding": "6.6.5712", "vulnerable": true }, { "criteria": "cpe:2.3:a:aviatrix:gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A5C5ABA-98FE-44D6-B386-7E82044C4F9C", "versionEndExcluding": "6.7.1376", "versionStartIncluding": "6.7.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands." }, { "lang": "es", "value": "Se ha detectado un problema en Aviatrix Gateway versiones anteriores a 6.6.5712 y 6.7.x anteriores a 6.7.1376. Debido a que las funciones de la API de Gateway manejan inapropiadamente la autenticaci\u00f3n, un usuario de VPN autenticado puede inyectar comandos arbitrarios." 
} ], "id": "CVE-2022-38368", "lastModified": "2024-11-21T07:16:20.010", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-08-15T22:15:21.477", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://docs.aviatrix.com/HowTos/PSIRT_Advisories.html#aviatrix-controller-and-gateways-unauthorized-access" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://docs.aviatrix.com/HowTos/PSIRT_Advisories.html#aviatrix-controller-and-gateways-unauthorized-access" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2020-13414 (GCVE-0-2020-13414)
Vulnerability from cvelistv5
- n/a
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:18:17.659Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.aviatrix.com/HowTos/security_bulletin_article.html#clean-up-old-code" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-11-17T20:20:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.aviatrix.com/HowTos/security_bulletin_article.html#clean-up-old-code" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-13414", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.aviatrix.com/HowTos/security_bulletin_article.html#clean-up-old-code", "refsource": "MISC", "url": "https://docs.aviatrix.com/HowTos/security_bulletin_article.html#clean-up-old-code" }, { "name": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix/", "refsource": "MISC", "url": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-13414", "datePublished": "2020-05-22T20:48:31", "dateReserved": "2020-05-22T00:00:00", "dateUpdated": "2024-08-04T12:18:17.659Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-13417 (GCVE-0-2020-13417)
Vulnerability from cvelistv5
- n/a
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:18:17.893Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.aviatrix.com/HowTos/security_bulletin_article.html#openvpn-client-elevation-of-privilege" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224. This affects Linux, macOS, and Windows installations for certain OpenSSL parameters." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-11-17T20:20:30", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.aviatrix.com/HowTos/security_bulletin_article.html#openvpn-client-elevation-of-privilege" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-13417", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an 
incomplete fix for CVE-2020-7224. This affects Linux, macOS, and Windows installations for certain OpenSSL parameters." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.aviatrix.com/HowTos/security_bulletin_article.html#openvpn-client-elevation-of-privilege", "refsource": "MISC", "url": "https://docs.aviatrix.com/HowTos/security_bulletin_article.html#openvpn-client-elevation-of-privilege" }, { "name": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix/", "refsource": "MISC", "url": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-13417", "datePublished": "2020-05-22T20:47:37", "dateReserved": "2020-05-22T00:00:00", "dateUpdated": "2024-08-04T12:18:17.893Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-38368 (GCVE-0-2022-38368)
Vulnerability from cvelistv5
- n/a
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:54:03.463Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.aviatrix.com/HowTos/PSIRT_Advisories.html#aviatrix-controller-and-gateways-unauthorized-access" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-15T20:59:09", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.aviatrix.com/HowTos/PSIRT_Advisories.html#aviatrix-controller-and-gateways-unauthorized-access" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-38368", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.aviatrix.com/HowTos/PSIRT_Advisories.html#aviatrix-controller-and-gateways-unauthorized-access", "refsource": "MISC", "url": "https://docs.aviatrix.com/HowTos/PSIRT_Advisories.html#aviatrix-controller-and-gateways-unauthorized-access" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-38368", "datePublished": "2022-08-15T20:59:09", "dateReserved": "2022-08-15T00:00:00", "dateUpdated": "2024-08-03T10:54:03.463Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }