Arraynetworks: >> Arrayos Ag >> 9.4.0.481 Security Vulnerabilities
MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via crafted packets. AG and vxAG 9.3.0.259.x are unaffected.
CVSS Score
9.8
EPSS Score
0.026
Published
2023-12-22
Array AG OS before 9.4.0.499 allows denial of service: remote attackers can cause system service processes to crash through abnormal HTTP operations.
CVSS Score
7.5
EPSS Score
0.007
Published
2023-08-25
CVE-2023-28461
Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with the fix will be available soon."
Known exploited
CVSS Score
9.8
EPSS Score
0.898
Published
2023-03-15