OpenCVE

Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Arraynetworks	Ag1000 Ag1000t Ag1000v5 Ag1100v5 Ag1150 Ag1200 Ag1200v5 Ag1500 Ag1500fips Ag1500v5 Ag1600 Ag1600v5 Ah1100 Arrayos Ag Vxag

Configuration 1 [-]

AND

cpe:2.3:o:arraynetworks:arrayos_ag:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:arraynetworks:ag1000:-:::::::*
	cpe:2.3:h:arraynetworks:ag1000t:-:::::::*
	cpe:2.3:h:arraynetworks:ag1000v5:-:::::::*
	cpe:2.3:h:arraynetworks:ag1100v5:-:::::::*
	cpe:2.3:h:arraynetworks:ag1150:-:::::::*
	cpe:2.3:h:arraynetworks:ag1200:-:::::::*
	cpe:2.3:h:arraynetworks:ag1200v5:-:::::::*
	cpe:2.3:h:arraynetworks:ag1500:-:::::::*
	cpe:2.3:h:arraynetworks:ag1500fips:-:::::::*
	cpe:2.3:h:arraynetworks:ag1500v5:-:::::::*
	cpe:2.3:h:arraynetworks:ag1600:-:::::::*
	cpe:2.3:h:arraynetworks:ag1600v5:-:::::::*
	cpe:2.3:h:arraynetworks:ah1100:-:::::::*
	cpe:2.3:h:arraynetworks:vxag:-:::::::*

No data.

References

Link	Providers
https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_Remote_Injection_Vulnerability_in_Array_VPN_Product_ID-11961_%20V2.1.pdf
https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/fieldnotices.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-12T00:00:00

Updated: 2024-08-03T13:19:05.396Z

Reserved: 2022-10-12T00:00:00

Link: CVE-2022-42897

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-10-13T00:15:09.247

Modified: 2024-11-21T07:25:33.257

Link: CVE-2022-42897

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arraynetworks:arrayos_ag:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA309503-9419-47EC-A4A5-312C5CF77EB8", "versionEndIncluding": "9.4.0.469", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arraynetworks:ag1000:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBE11A77-8C2F-46CA-87BA-47624380FFC1", "vulnerable": false}, {"criteria": "cpe:2.3:h:arraynetworks:ag1000t:-:*:*:*:*:*:*:*", "matchCriteriaId": "5ED51E1F-3155-40C6-B61C-73D6A9F64987", "vulnerable": false}, {"criteria": "cpe:2.3:h:arraynetworks:ag1000v5:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0BC33CF-FA0B-4556-B11E-61FF9B14880A", "vulnerable": false}, {"criteria": "cpe:2.3:h:arraynetworks:ag1100v5:-:*:*:*:*:*:*:*", "matchCriteriaId": "A9C8C9AE-AF59-4E5A-93CD-A394F1A31FA0", "vulnerable": false}, {"criteria": "cpe:2.3:h:arraynetworks:ag1150:-:*:*:*:*:*:*:*", "matchCriteriaId": "5E025A9D-6B7C-42B6-95EA-0A5726A919F4", "vulnerable": false}, {"criteria": "cpe:2.3:h:arraynetworks:ag1200:-:*:*:*:*:*:*:*", "matchCriteriaId": "0771D54C-15DF-403C-8CFA-B1E7D0136F50", "vulnerable": false}, {"criteria": "cpe:2.3:h:arraynetworks:ag1200v5:-:*:*:*:*:*:*:*", "matchCriteriaId": "7C9F6B87-E3D2-419A-B086-B981EF912F80", "vulnerable": false}, {"criteria": "cpe:2.3:h:arraynetworks:ag1500:-:*:*:*:*:*:*:*", "matchCriteriaId": "D385DBD0-C4A9-4168-82C2-832E0E40F42D", "vulnerable": false}, {"criteria": "cpe:2.3:h:arraynetworks:ag1500fips:-:*:*:*:*:*:*:*", "matchCriteriaId": "01569AB3-736D-47FE-86DD-F08ACDDCD11E", "vulnerable": false}, {"criteria": "cpe:2.3:h:arraynetworks:ag1500v5:-:*:*:*:*:*:*:*", "matchCriteriaId": "22E45185-071F-414A-AF78-4739F15A1D93", "vulnerable": false}, {"criteria": "cpe:2.3:h:arraynetworks:ag1600:-:*:*:*:*:*:*:*", "matchCriteriaId": "C6F0988E-5E75-486A-9229-956D38A51C35", "vulnerable": false}, {"criteria": "cpe:2.3:h:arraynetworks:ag1600v5:-:*:*:*:*:*:*:*", "matchCriteriaId": "1D09E2CC-C1B5-40DC-AD1A-7C6AB20525DC", "vulnerable": false}, {"criteria": "cpe:2.3:h:arraynetworks:ah1100:-:*:*:*:*:*:*:*", "matchCriteriaId": "02AC1873-8E42-4580-A9E0-C8E97BD8ADBA", "vulnerable": false}, {"criteria": "cpe:2.3:h:arraynetworks:vxag:-:*:*:*:*:*:*:*", "matchCriteriaId": "6E149796-E3D7-4FAF-AB64-8D273E701861", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected."}, {"lang": "es", "value": "Array Networks AG/vxAG con ArrayOS AG versiones anteriores a 9.4.0.469, permite una inyecci\u00f3n de comandos no autenticados que conlleva a una escalada de privilegios y un control del sistema. NOTA: ArrayOS AG versi\u00f3n 10.x no est\u00e1 afectado"}], "id": "CVE-2022-42897", "lastModified": "2024-11-21T07:25:33.257", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-13T00:15:09.247", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_Remote_Injection_Vulnerability_in_Array_VPN_Product_ID-11961_%20V2.1.pdf"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/fieldnotices.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_Remote_Injection_Vulnerability_in_Array_VPN_Product_ID-11961_%20V2.1.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/fieldnotices.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}