CVE-2023-24613
Severity CVSS v4.0:
Pending analysis
Type:
CWE-787
Out-of-bounds Write
Publication date:
03/02/2023
Last modified:
26/03/2025
Description
The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit could leverage this vulnerability in the backend binary file that handles the user interface to a cause denial of service attack. This is fixed in AG 9.4.0.481.
Impact
Base Score 3.x
4.90
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:arraynetworks:arrayos_ag:*:*:*:*:*:*:*:* | 9.4.0.470 (including) | |
| cpe:2.3:h:arraynetworks:ag1000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:arraynetworks:ag1000t:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:arraynetworks:ag1000v5:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:arraynetworks:ag1100v5:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:arraynetworks:ag1150:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:arraynetworks:ag1200:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:arraynetworks:ag1200v5:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:arraynetworks:ag1500:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:arraynetworks:ag1500fips:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:arraynetworks:ag1500v5:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:arraynetworks:ag1600:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:arraynetworks:ag1600v5:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:arraynetworks:vxag:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_UI_Stack_Overflow_Vulnerability_ID-128285_V1.0.pdf
- https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_UI_Stack_Overflow_Vulnerability_ID-128285_V1.0.pdf