CVE-2022-42897
Severity CVSS v4.0:
Pending analysis
Type:
CWE-77
Command Injection
Publication date:
13/10/2022
Last modified:
15/05/2025
Description
Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:arraynetworks:arrayos_ag:*:*:*:*:*:*:*:* | 9.4.0.469 (including) | |
| cpe:2.3:h:arraynetworks:ag1000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:arraynetworks:ag1000t:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:arraynetworks:ag1000v5:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:arraynetworks:ag1100v5:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:arraynetworks:ag1150:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:arraynetworks:ag1200:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:arraynetworks:ag1200v5:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:arraynetworks:ag1500:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:arraynetworks:ag1500fips:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:arraynetworks:ag1500v5:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:arraynetworks:ag1600:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:arraynetworks:ag1600v5:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:arraynetworks:ah1100:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:arraynetworks:vxag:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_Remote_Injection_Vulnerability_in_Array_VPN_Product_ID-11961_%20V2.1.pdf
- https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/fieldnotices.html
- https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_Remote_Injection_Vulnerability_in_Array_VPN_Product_ID-11961_%20V2.1.pdf
- https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/fieldnotices.html