Vulnerabilites related to arraynetworks - ag1500
CVE-2023-28461 (GCVE-0-2023-28461)
Vulnerability from cvelistv5
Published
2023-03-15 00:00
Modified
2025-07-30 01:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with the fix will be available soon."
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:25.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_Remote_Code_Execution_Vulnerability_AG.pdf"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arraynetworks:arrayos_ag:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arrayos_ag",
"vendor": "arraynetworks",
"versions": [
{
"lessThanOrEqual": "9.4.0.481",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-28461",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T04:55:26.280443Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-11-25",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-28461"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:37:29.659Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2024-11-25T00:00:00+00:00",
"value": "CVE-2023-28461 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated \"a new Array AG release with the fix will be available soon.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-15T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_Remote_Code_Execution_Vulnerability_AG.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-28461",
"datePublished": "2023-03-15T00:00:00.000Z",
"dateReserved": "2023-03-15T00:00:00.000Z",
"dateUpdated": "2025-07-30T01:37:29.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-24613 (GCVE-0-2023-24613)
Vulnerability from cvelistv5
Published
2023-02-03 00:00
Modified
2025-03-26 14:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit could leverage this vulnerability in the backend binary file that handles the user interface to a cause denial of service attack. This is fixed in AG 9.4.0.481.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:03:18.776Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_UI_Stack_Overflow_Vulnerability_ID-128285_V1.0.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-24613",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-26T14:53:45.920387Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-26T14:55:05.017Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit could leverage this vulnerability in the backend binary file that handles the user interface to a cause denial of service attack. This is fixed in AG 9.4.0.481."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-03T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_UI_Stack_Overflow_Vulnerability_ID-128285_V1.0.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-24613",
"datePublished": "2023-02-03T00:00:00.000Z",
"dateReserved": "2023-01-30T00:00:00.000Z",
"dateUpdated": "2025-03-26T14:55:05.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-42897 (GCVE-0-2022-42897)
Vulnerability from cvelistv5
Published
2022-10-12 00:00
Modified
2025-05-15 17:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:19:05.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_Remote_Injection_Vulnerability_in_Array_VPN_Product_ID-11961_%20V2.1.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/fieldnotices.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-42897",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-15T17:55:14.330345Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T17:55:18.203Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-12T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_Remote_Injection_Vulnerability_in_Array_VPN_Product_ID-11961_%20V2.1.pdf"
},
{
"url": "https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/fieldnotices.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-42897",
"datePublished": "2022-10-12T00:00:00.000Z",
"dateReserved": "2022-10-12T00:00:00.000Z",
"dateUpdated": "2025-05-15T17:55:18.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2023-03-15 23:15
Modified
2025-03-14 20:01
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with the fix will be available soon."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arraynetworks | arrayos_ag | * | |
| arraynetworks | ag1000 | - | |
| arraynetworks | ag1000t | - | |
| arraynetworks | ag1000v5 | - | |
| arraynetworks | ag1100v5 | - | |
| arraynetworks | ag1150 | - | |
| arraynetworks | ag1200 | - | |
| arraynetworks | ag1200v5 | - | |
| arraynetworks | ag1500 | - | |
| arraynetworks | ag1500fips | - | |
| arraynetworks | ag1500v5 | - | |
| arraynetworks | ag1600 | - | |
| arraynetworks | ag1600v5 | - | |
| arraynetworks | vxag | - |
{
"cisaActionDue": "2024-12-16",
"cisaExploitAdd": "2024-11-25",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Function Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arraynetworks:arrayos_ag:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D704D079-D1AF-40EA-98E7-BE1E01371B11",
"versionEndIncluding": "9.4.0.481",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arraynetworks:ag1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBE11A77-8C2F-46CA-87BA-47624380FFC1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1000t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5ED51E1F-3155-40C6-B61C-73D6A9F64987",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1000v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0BC33CF-FA0B-4556-B11E-61FF9B14880A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1100v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9C8C9AE-AF59-4E5A-93CD-A394F1A31FA0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E025A9D-6B7C-42B6-95EA-0A5726A919F4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0771D54C-15DF-403C-8CFA-B1E7D0136F50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1200v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C9F6B87-E3D2-419A-B086-B981EF912F80",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D385DBD0-C4A9-4168-82C2-832E0E40F42D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1500fips:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01569AB3-736D-47FE-86DD-F08ACDDCD11E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1500v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22E45185-071F-414A-AF78-4739F15A1D93",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6F0988E-5E75-486A-9229-956D38A51C35",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1600v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D09E2CC-C1B5-40DC-AD1A-7C6AB20525DC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arraynetworks:vxag:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E149796-E3D7-4FAF-AB64-8D273E701861",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated \"a new Array AG release with the fix will be available soon.\""
}
],
"id": "CVE-2023-28461",
"lastModified": "2025-03-14T20:01:09.890",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-03-15T23:15:10.070",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_Remote_Code_Execution_Vulnerability_AG.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_Remote_Code_Execution_Vulnerability_AG.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-03 02:15
Modified
2025-03-26 15:15
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit could leverage this vulnerability in the backend binary file that handles the user interface to a cause denial of service attack. This is fixed in AG 9.4.0.481.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arraynetworks | arrayos_ag | * | |
| arraynetworks | ag1000 | - | |
| arraynetworks | ag1000t | - | |
| arraynetworks | ag1000v5 | - | |
| arraynetworks | ag1100v5 | - | |
| arraynetworks | ag1150 | - | |
| arraynetworks | ag1200 | - | |
| arraynetworks | ag1200v5 | - | |
| arraynetworks | ag1500 | - | |
| arraynetworks | ag1500fips | - | |
| arraynetworks | ag1500v5 | - | |
| arraynetworks | ag1600 | - | |
| arraynetworks | ag1600v5 | - | |
| arraynetworks | vxag | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arraynetworks:arrayos_ag:*:*:*:*:*:*:*:*",
"matchCriteriaId": "074EC86B-4746-4E34-AB53-E6437C22ED25",
"versionEndIncluding": "9.4.0.470",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arraynetworks:ag1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBE11A77-8C2F-46CA-87BA-47624380FFC1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1000t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5ED51E1F-3155-40C6-B61C-73D6A9F64987",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1000v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0BC33CF-FA0B-4556-B11E-61FF9B14880A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1100v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9C8C9AE-AF59-4E5A-93CD-A394F1A31FA0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E025A9D-6B7C-42B6-95EA-0A5726A919F4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0771D54C-15DF-403C-8CFA-B1E7D0136F50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1200v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C9F6B87-E3D2-419A-B086-B981EF912F80",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D385DBD0-C4A9-4168-82C2-832E0E40F42D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1500fips:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01569AB3-736D-47FE-86DD-F08ACDDCD11E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1500v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22E45185-071F-414A-AF78-4739F15A1D93",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6F0988E-5E75-486A-9229-956D38A51C35",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1600v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D09E2CC-C1B5-40DC-AD1A-7C6AB20525DC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arraynetworks:vxag:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E149796-E3D7-4FAF-AB64-8D273E701861",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit could leverage this vulnerability in the backend binary file that handles the user interface to a cause denial of service attack. This is fixed in AG 9.4.0.481."
},
{
"lang": "es",
"value": "La interfaz de usuario de Array Networks AG Series y vxAG hasta la versi\u00f3n 9.4.0.470 podr\u00eda permitir a un atacante remoto utilizar la herramienta gdb para sobrescribir la pila de llamadas de funciones backend despu\u00e9s de acceder al sistema con privilegios de administrador. Un exploit exitoso podr\u00eda aprovechar esta vulnerabilidad en el archivo binario backend que maneja la interfaz de usuario para provocar un ataque de denegaci\u00f3n de servicio. Esto se soluciona en AG 9.4.0.481."
}
],
"id": "CVE-2023-24613",
"lastModified": "2025-03-26T15:15:47.477",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-02-03T02:15:07.997",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_UI_Stack_Overflow_Vulnerability_ID-128285_V1.0.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_UI_Stack_Overflow_Vulnerability_ID-128285_V1.0.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-13 00:15
Modified
2025-05-15 18:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arraynetworks | arrayos_ag | * | |
| arraynetworks | ag1000 | - | |
| arraynetworks | ag1000t | - | |
| arraynetworks | ag1000v5 | - | |
| arraynetworks | ag1100v5 | - | |
| arraynetworks | ag1150 | - | |
| arraynetworks | ag1200 | - | |
| arraynetworks | ag1200v5 | - | |
| arraynetworks | ag1500 | - | |
| arraynetworks | ag1500fips | - | |
| arraynetworks | ag1500v5 | - | |
| arraynetworks | ag1600 | - | |
| arraynetworks | ag1600v5 | - | |
| arraynetworks | ah1100 | - | |
| arraynetworks | vxag | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arraynetworks:arrayos_ag:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA309503-9419-47EC-A4A5-312C5CF77EB8",
"versionEndIncluding": "9.4.0.469",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arraynetworks:ag1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBE11A77-8C2F-46CA-87BA-47624380FFC1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1000t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5ED51E1F-3155-40C6-B61C-73D6A9F64987",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1000v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0BC33CF-FA0B-4556-B11E-61FF9B14880A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1100v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9C8C9AE-AF59-4E5A-93CD-A394F1A31FA0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E025A9D-6B7C-42B6-95EA-0A5726A919F4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0771D54C-15DF-403C-8CFA-B1E7D0136F50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1200v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C9F6B87-E3D2-419A-B086-B981EF912F80",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D385DBD0-C4A9-4168-82C2-832E0E40F42D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1500fips:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01569AB3-736D-47FE-86DD-F08ACDDCD11E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1500v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22E45185-071F-414A-AF78-4739F15A1D93",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6F0988E-5E75-486A-9229-956D38A51C35",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1600v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D09E2CC-C1B5-40DC-AD1A-7C6AB20525DC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arraynetworks:ah1100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02AC1873-8E42-4580-A9E0-C8E97BD8ADBA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arraynetworks:vxag:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E149796-E3D7-4FAF-AB64-8D273E701861",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected."
},
{
"lang": "es",
"value": "Array Networks AG/vxAG con ArrayOS AG versiones anteriores a 9.4.0.469, permite una inyecci\u00f3n de comandos no autenticados que conlleva a una escalada de privilegios y un control del sistema. NOTA: ArrayOS AG versi\u00f3n 10.x no est\u00e1 afectado"
}
],
"id": "CVE-2022-42897",
"lastModified": "2025-05-15T18:15:32.773",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-10-13T00:15:09.247",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_Remote_Injection_Vulnerability_in_Array_VPN_Product_ID-11961_%20V2.1.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/fieldnotices.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_Remote_Injection_Vulnerability_in_Array_VPN_Product_ID-11961_%20V2.1.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/fieldnotices.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}