← Back

CVE-2022-42897

nvd nist
Published: Oct 13, 2022Modified: May 15, 2025

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected.

Affected (1)

Arraynetworks
1 product
Arrayos Ag
Configuration A
1 vulnerable · 14 platform
Vulnerable SoftwareAffected Versions
Arrayos Ag
Up to 9.4.0.469
Running on/withPlatform Versions
Arraynetworks
Ag1000
All versions
Arraynetworks
Ag1000t
All versions
Arraynetworks
Ag1000v5
All versions
Arraynetworks
Ag1100v5
All versions
Arraynetworks
Ag1150
All versions
Arraynetworks
Ag1200
All versions
Arraynetworks
Ag1200v5
All versions
Arraynetworks
Ag1500
All versions
Arraynetworks
Ag1500fips
All versions
Arraynetworks
Ag1500v5
All versions
Arraynetworks
Ag1600
All versions
Arraynetworks
Ag1600v5
All versions
Arraynetworks
Ah1100
All versions
Arraynetworks
Vxag
All versions

Related CWEs

CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (4)

Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.