Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-38368
CVE-2022-38368:
NixOS vulnerability analysis and mitigation
Overview
An issue was discovered in Aviatrix Gateway before versions 6.6.5712 and 6.7.x before 6.7.1376. The vulnerability allowed authenticated VPN users to potentially inject arbitrary commands due to Gateway API functions mishandling authentication (Aviatrix Docs, NVD).
Technical details
The vulnerability stems from Gateway API functions that contained improper authentication mechanisms, which could be exploited by authenticated VPN users. The issue was rated as High severity for Gateways (Aviatrix Docs).
Impact
A successful exploitation of this vulnerability would allow an authenticated VPN user to execute arbitrary commands against Aviatrix gateways (Aviatrix Docs).
Mitigation and workarounds
The vulnerability was addressed in Aviatrix Gateway versions 6.6.5712 and later, and 6.7.1376 and later. Users are recommended to upgrade their Aviatrix Controller and gateway software to these versions or newer (Aviatrix Docs).
Community reactions
Aviatrix acknowledged Thomas Wallin from Splunk for the responsible disclosure of this issue (Aviatrix Docs).
Additional resources
Source: This report was generated using AI
Related NixOS vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management