CVE-2023-24613

Published: Feb 3, 2023Modified: Mar 26, 2025

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit could leverage this vulnerability in the backend binary file that handles the user interface to a cause denial of service attack. This is fixed in AG 9.4.0.481.

Affected (1)

Products: Arraynetworks: Arrayos Ag

Arraynetworks

1 product

Arrayos Ag

Configuration A

1 vulnerable · 13 platform

Vulnerable Software	Affected Versions
Arraynetworks Arrayos Ag	Up to 9.4.0.470

Running on/with	Platform Versions
Arraynetworks Ag1000	All versions
Arraynetworks Ag1000t	All versions
Arraynetworks Ag1000v5	All versions
Arraynetworks Ag1100v5	All versions
Arraynetworks Ag1150	All versions
Arraynetworks Ag1200	All versions
Arraynetworks Ag1200v5	All versions
Arraynetworks Ag1500	All versions
Arraynetworks Ag1500fips	All versions
Arraynetworks Ag1500v5	All versions
Arraynetworks Ag1600	All versions
Arraynetworks Ag1600v5	All versions
Arraynetworks Vxag	All versions

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_UI_Stack_Overflow_Vulnerability_ID-128285_V1.0.pdf

Source: cve@mitre.org

Vendor Advisory

https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_UI_Stack_Overflow_Vulnerability_ID-128285_V1.0.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.