← Back

CVE-2023-28460

nvd nist
Published: Mar 15, 2023Modified: Nov 21, 2024

JSON object

Loading...
7.2
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 / Impact: 5.9
Source: NVD

Description

A command injection vulnerability was discovered in Array Networks APV products. A remote attacker can send a crafted packet after logging into the affected appliance as an administrator, resulting in arbitrary shell code execution. This is fixed in 8.6.1.262 or newer and 10.4.2.93 or newer.

Affected (4)

Arraynetworks
1 product
Array Os
Configuration A
4 vulnerable · 20 platform
Vulnerable SoftwareAffected Versions
Arraynetworks
Array Os
Up to 8.6.1.243
Array Os
From 10.4.2.12 to 10.4.2.58
Array Os
From 9.0.1.12 to 10.4.0.79
Array Os
Version 10.4.3.2
Running on/withPlatform Versions
Arraynetworks
Apv10650
All versions
Arraynetworks
Apv11600
All versions
Arraynetworks
Apv1600
All versions
Arraynetworks
Apv1600t
All versions
Arraynetworks
Apv1600v5
All versions
Arraynetworks
Apv1800
All versions
Arraynetworks
Apv2600
All versions
Arraynetworks
Apv2600v5
All versions
Arraynetworks
Apv2800
All versions
Arraynetworks
Apv3600
All versions
Arraynetworks
Apv3600v5
All versions
Arraynetworks
Apv3650
All versions
Arraynetworks
Apv5600
All versions
Arraynetworks
Apv5800
All versions
Arraynetworks
Apv6600
All versions
Arraynetworks
Apv6600fips
All versions
Arraynetworks
Apv7600
All versions
Arraynetworks
Apv7800
All versions
Arraynetworks
Apv800
All versions
Arraynetworks
Vapv
All versions

Related CWEs

CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (2)

Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.