Vulnerability Details CVE-2022-42897
Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 80.3%
CVSS Severity
CVSS v3 Score 9.8
References
- https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_Remote_Injection_Vulnerability_in_Array_VPN_Product_ID-11961_%20V2.1.pdf
- https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/fieldnotices.html
- https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_Remote_Injection_Vulnerability_in_Array_VPN_Product_ID-11961_%20V2.1.pdf
- https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/fieldnotices.html
Products affected by CVE-2022-42897
-
cpe:2.3:h:arraynetworks:ag1000:-
-
cpe:2.3:h:arraynetworks:ag1000t:-
-
cpe:2.3:h:arraynetworks:ag1000v5:-
-
cpe:2.3:h:arraynetworks:ag1100v5:-
-
cpe:2.3:h:arraynetworks:ag1150:-
-
cpe:2.3:h:arraynetworks:ag1200:-
-
cpe:2.3:h:arraynetworks:ag1200v5:-
-
cpe:2.3:h:arraynetworks:ag1500:-
-
cpe:2.3:h:arraynetworks:ag1500fips:-
-
cpe:2.3:h:arraynetworks:ag1500v5:-
-
cpe:2.3:h:arraynetworks:ag1600:-
-
cpe:2.3:h:arraynetworks:ag1600v5:-
-
cpe:2.3:h:arraynetworks:ah1100:-
-
cpe:2.3:h:arraynetworks:vxag:-
-
cpe:2.3:o:arraynetworks:arrayos_ag:-
-
cpe:2.3:o:arraynetworks:arrayos_ag:9.4.0.469