Arraynetworks Arrayos Ag

MotionPro ArrayOS AG RCE via crafted packets before 9.4.0.505
CVE-2023-51707 9.8 - Critical - December 22, 2023

MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via crafted packets. AG and vxAG 9.3.0.259.x are unaffected.

Command Injection

Array AG OS <9.4.0.499 DoS via abnormal HTTP
CVE-2023-41121 7.5 - High - August 25, 2023

Array AG OS before 9.4.0.499 allows denial of service: remote attackers can cause system service processes to crash through abnormal HTTP operations.

Remote Code Execution via Flags Header Array AG Series 9.4.0.481
CVE-2023-28461 9.8 - Critical - March 15, 2023

Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with the fix will be available soon."

Missing Authentication for Critical Function

Remote DoS via GDB Stack Overwrite in Array Networks AG Series vxAG <=9.4.0.470
CVE-2023-24613 4.9 - Medium - February 03, 2023

The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit could leverage this vulnerability in the backend binary file that handles the user interface to a cause denial of service attack. This is fixed in AG 9.4.0.481.

Memory Corruption

ArrayOS AG vxAG <9.4.0.469: UAC Command Injection (Privilege Escalation)
CVE-2022-42897 9.8 - Critical - October 13, 2022

Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected.

Command Injection