cve-2023-24613
Vulnerability from cvelistv5
Published
2023-02-03 00:00
Modified
2024-08-02 11:03
Severity ?
EPSS score ?
Summary
The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit could leverage this vulnerability in the backend binary file that handles the user interface to a cause denial of service attack. This is fixed in AG 9.4.0.481.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:03:18.776Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_UI_Stack_Overflow_Vulnerability_ID-128285_V1.0.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit could leverage this vulnerability in the backend binary file that handles the user interface to a cause denial of service attack. This is fixed in AG 9.4.0.481." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-03T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_UI_Stack_Overflow_Vulnerability_ID-128285_V1.0.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-24613", "datePublished": "2023-02-03T00:00:00", "dateReserved": "2023-01-30T00:00:00", "dateUpdated": "2024-08-02T11:03:18.776Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-24613\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2023-02-03T02:15:07.997\",\"lastModified\":\"2024-11-21T07:48:14.463\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit could leverage this vulnerability in the backend binary file that handles the user interface to a cause denial of service attack. This is fixed in AG 9.4.0.481.\"},{\"lang\":\"es\",\"value\":\"La interfaz de usuario de Array Networks AG Series y vxAG hasta la versi\u00f3n 9.4.0.470 podr\u00eda permitir a un atacante remoto utilizar la herramienta gdb para sobrescribir la pila de llamadas de funciones backend despu\u00e9s de acceder al sistema con privilegios de administrador. Un exploit exitoso podr\u00eda aprovechar esta vulnerabilidad en el archivo binario backend que maneja la interfaz de usuario para provocar un ataque de denegaci\u00f3n de servicio. Esto se soluciona en AG 9.4.0.481.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":4.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arraynetworks:arrayos_ag:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.4.0.470\",\"matchCriteriaId\":\"074EC86B-4746-4E34-AB53-E6437C22ED25\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arraynetworks:ag1000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBE11A77-8C2F-46CA-87BA-47624380FFC1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arraynetworks:ag1000t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5ED51E1F-3155-40C6-B61C-73D6A9F64987\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arraynetworks:ag1000v5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0BC33CF-FA0B-4556-B11E-61FF9B14880A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arraynetworks:ag1100v5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9C8C9AE-AF59-4E5A-93CD-A394F1A31FA0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arraynetworks:ag1150:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E025A9D-6B7C-42B6-95EA-0A5726A919F4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arraynetworks:ag1200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0771D54C-15DF-403C-8CFA-B1E7D0136F50\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arraynetworks:ag1200v5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C9F6B87-E3D2-419A-B086-B981EF912F80\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arraynetworks:ag1500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D385DBD0-C4A9-4168-82C2-832E0E40F42D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arraynetworks:ag1500fips:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01569AB3-736D-47FE-86DD-F08ACDDCD11E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arraynetworks:ag1500v5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22E45185-071F-414A-AF78-4739F15A1D93\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arraynetworks:ag1600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6F0988E-5E75-486A-9229-956D38A51C35\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arraynetworks:ag1600v5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D09E2CC-C1B5-40DC-AD1A-7C6AB20525DC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arraynetworks:vxag:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E149796-E3D7-4FAF-AB64-8D273E701861\"}]}]}],\"references\":[{\"url\":\"https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_UI_Stack_Overflow_Vulnerability_ID-128285_V1.0.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_UI_Stack_Overflow_Vulnerability_ID-128285_V1.0.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.