Array Networks vAPV (version 8.3.2.17) and vxAG (version 9.2.0.34) appliances are affected by a privilege escalation vulnerability caused by a combination of hardcoded SSH credentials (or SSH private key) and insecure permissions on a startup script. The devices ship with a default SSH login or a hardcoded DSA private key, allowing an attacker to authenticate remotely with limited privileges.


Once authenticated, an attacker can overwrite the world-writable /ca/bin/monitor.sh script with arbitrary commands. Since this script is executed with elevated privileges through the backend binary, enabling the debug monitor via backend -c "debug monitor on" triggers execution of the attacker's payload as root. This allows full system compromise.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 31 Jul 2025 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Arraynetworks
Arraynetworks vapv
Arraynetworks vxag
Vendors & Products Arraynetworks
Arraynetworks vapv
Arraynetworks vxag

Thu, 31 Jul 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 31 Jul 2025 15:00:00 +0000

Type Values Removed Values Added
Description Array Networks vAPV (version 8.3.2.17) and vxAG (version 9.2.0.34) appliances are affected by a privilege escalation vulnerability caused by a combination of hardcoded SSH credentials (or SSH private key) and insecure permissions on a startup script. The devices ship with a default SSH login or a hardcoded DSA private key, allowing an attacker to authenticate remotely with limited privileges. Once authenticated, an attacker can overwrite the world-writable /ca/bin/monitor.sh script with arbitrary commands. Since this script is executed with elevated privileges through the backend binary, enabling the debug monitor via backend -c "debug monitor on" triggers execution of the attacker's payload as root. This allows full system compromise.
Title Array Networks vAPV and vxAG Default Credential Privilege Escalation
Weaknesses CWE-732
CWE-798
References
Metrics cvssV4_0

{'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2025-07-31T15:17:56.760Z

Reserved: 2025-07-30T14:40:43.661Z

Link: CVE-2014-125121

cve-icon Vulnrichment

Updated: 2025-07-31T15:17:52.464Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-07-31T15:15:34.470

Modified: 2025-07-31T18:42:37.870

Link: CVE-2014-125121

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-07-31T20:37:52Z