CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38368
https://notcve.org/view.php?id=CVE-2022-38368
An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands. Se ha detectado un problema en Aviatrix Gateway versiones anteriores a 6.6.5712 y 6.7.x anteriores a 6.7.1376. Debido a que las funciones de la API de Gateway manejan inapropiadamente la autenticación, un usuario de VPN autenticado puede inyectar comandos arbitrarios. • https://docs.aviatrix.com/HowTos/PSIRT_Advisories.html#aviatrix-controller-and-gateways-unauthorized-access • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-13414
https://notcve.org/view.php?id=CVE-2020-13414
An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software. Se detectó un problema en Aviatrix Controller versiones anteriores a 5.4.1204. Contiene credenciales no utilizadas por el software. • https://docs.aviatrix.com/HowTos/security_bulletin_article.html#clean-up-old-code https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 1CVE-2020-13417
https://notcve.org/view.php?id=CVE-2020-13417
An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224. This affects Linux, macOS, and Windows installations for certain OpenSSL parameters. Se detectó un problema de Elevación de Privilegios en Aviatrix VPN Client versiones anteriores a 2.10.7, debido a una corrección incompleta para CVE-2020-7224. Esto afecta las instalaciones de Linux, macOS y Windows para determinados parámetros OpenSSL. • https://docs.aviatrix.com/HowTos/security_bulletin_article.html#openvpn-client-elevation-of-privilege https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix •