CVE-2023-28461

CVE-2023-28461 affects Array Networks ArrayOS Array AG Series and vxAG (≤ 9.4.0.481). The vulnerability allows unauthenticated remote code execution by exploiting a flag in an HTTP header to browse the device filesystem and reach a vulnerable URL. PTSecurity notes evidence of active exploitation;...

CVE-2023-28461

Array Networks Array AG Series and vxAG 9.4.0.481 and earlier allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09...

CVE-2023-28460

A command injection vulnerability was discovered in Array Networks APV products. A remote attacker can send a crafted packet after logging into the affected appliance as an administrator, resulting in arbitrary shell code execution. This is fixed in 8.6.1.262 or newer and 10.4.2.93 or newer...

PT-2023-21734

Name of the Vulnerable Software and Affected Versions Array Networks Array AG Series and vxAG versions 9.4.0.481 and earlier Description A critical security flaw allows remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header...

CVE-2023-24613

The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit could leverage this vulnerability in the backend...

CVE-2023-24613

The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit could leverage this vulnerability in the backend...

CVE-2023-24613

The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit could leverage this vulnerability in the backend...

Array Networks AG 缓冲区错误漏洞

Array Networks AG/vxAG is an Array SSL-VPN gateway product from Array Networks, Inc. A security vulnerability exists in Array Networks AG. A remote attacker with administrator privileges could use the gdb utility to overwrite the back-end function call stack to trigger a denial of service attack...

CVE-2023-24613

The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit could leverage this vulnerability in the backend...

CVE-2023-24613

CVE-2023-24613 affects Array Networks AG Series and vxAG UI (v9.4.0.470). A remote attacker with administrator access could use gdb to overwrite the backend function call stack in the UI handling binary, enabling a denial-of-service condition. The issue is resolved in AG 9.4.0.481. Affected versi...

CVE-2022-42897

Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected...

CVE-2022-42897

Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected...

Command injection

Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected...

Array Networks AG/vxAG 命令注入漏洞

Array Networks AG/vxAG is an Array SSL-VPN gateway product from Array Networks, Inc. A security vulnerability exists in Array Networks AG/vxAG with ArrayOS AG prior to version 9.4.0.469, which stems from the fact that it allows an unauthenticated attacker to implement command injection, resulting...

CVE-2022-42897

Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected...

PT-2022-26649 · Array Networks · Array Ag Os

Name of the Vulnerable Software and Affected Versions: Array Networks AG/vxAG with ArrayOS AG versions prior to 9.4.0.469 Description: The issue allows unauthenticated command injection, leading to privilege escalation and control of the system. Recommendations: For versions prior to 9.4.0.469,...

CVE-2022-42897

The CVE-2022-42897 entry concerns Array Networks VXG/vxAG with ArrayOS AG before 9.4.0.469, which suffers unauthenticated command injection leading to privilege escalation and control of the system. The issue affects versions prior to 9.4.0.469; ArrayOS AG 10.x is unaffected. Exploitation details...

CVE-2022-42897

Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected...

(0Day) Array Networks MotionPro Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Array Networks MotionPro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Array Networks vAPV and vxAG Private Key 权限提升漏洞

No description provided by source...