A command injection vulnerability was discovered in Array Networks APV products. A remote attacker can send a crafted packet after logging into the affected appliance as an administrator, resulting in arbitrary shell code execution. This is fixed in 8.6.1.262 or newer and 10.4.2.93 or newer.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors Products
Arraynetworks
  • Apv10650
  • Apv2800
  • Apv3600
  • Apv6600fips
  • Apv1600
  • Apv2600v5
  • Apv6600
  • Apv5800
  • Apv7800
  • Apv7600
  • Vapv
  • Apv1800
  • Apv800
  • Apv3600v5
  • Apv3650
  • Apv2600
  • Apv5600
  • Array Os
  • Apv1600v5
  • Apv1600t
  • Apv11600

Configuration 1 [-]

AND
OR cpe:2.3:o:arraynetworks:array_os:*:*:*:*:*:*:*:*
cpe:2.3:o:arraynetworks:array_os:*:*:*:*:*:*:*:*
cpe:2.3:o:arraynetworks:array_os:*:*:*:*:*:*:*:*
cpe:2.3:o:arraynetworks:array_os:10.4.3.2:*:*:*:*:*:*:*
OR cpe:2.3:h:arraynetworks:apv10650:-:*:*:*:*:*:*:*
cpe:2.3:h:arraynetworks:apv11600:-:*:*:*:*:*:*:*
cpe:2.3:h:arraynetworks:apv1600:-:*:*:*:*:*:*:*
cpe:2.3:h:arraynetworks:apv1600t:-:*:*:*:*:*:*:*
cpe:2.3:h:arraynetworks:apv1600v5:-:*:*:*:*:*:*:*
cpe:2.3:h:arraynetworks:apv1800:-:*:*:*:*:*:*:*
cpe:2.3:h:arraynetworks:apv2600:-:*:*:*:*:*:*:*
cpe:2.3:h:arraynetworks:apv2600v5:-:*:*:*:*:*:*:*
cpe:2.3:h:arraynetworks:apv2800:-:*:*:*:*:*:*:*
cpe:2.3:h:arraynetworks:apv3600:-:*:*:*:*:*:*:*
cpe:2.3:h:arraynetworks:apv3600v5:-:*:*:*:*:*:*:*
cpe:2.3:h:arraynetworks:apv3650:-:*:*:*:*:*:*:*
cpe:2.3:h:arraynetworks:apv5600:-:*:*:*:*:*:*:*
cpe:2.3:h:arraynetworks:apv5800:-:*:*:*:*:*:*:*
cpe:2.3:h:arraynetworks:apv6600:-:*:*:*:*:*:*:*
cpe:2.3:h:arraynetworks:apv6600fips:-:*:*:*:*:*:*:*
cpe:2.3:h:arraynetworks:apv7600:-:*:*:*:*:*:*:*
cpe:2.3:h:arraynetworks:apv7800:-:*:*:*:*:*:*:*
cpe:2.3:h:arraynetworks:apv800:-:*:*:*:*:*:*:*
cpe:2.3:h:arraynetworks:vapv:-:*:*:*:*:*:*:*
References
Link Resource
https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_Command_Injection_Vulnerabilities_APV_ID-133258.pdf Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-03-15T00:00:00

Updated: 2023-03-15T00:00:00

Reserved: 2023-03-15T00:00:00

Link: CVE-2023-28460

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2023-03-15T23:15:10.013

Modified: 2023-03-24T14:57:49.207

Link: CVE-2023-28460

JSON object: View

cve-icon Redhat Information

No data.

CWE