admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-284xx/CVE-2023-28461.json
cad-safe-bot 367cbdb06d Auto-Update: 2025-03-14T21:00:20.865366+00:00
2025-03-14 21:03:52 +00:00

192 lines
6.6 KiB
JSON
Raw Blame History

{
"id": "CVE-2023-28461",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-03-15T23:15:10.070",
"lastModified": "2025-03-14T20:01:09.890",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated \"a new Array AG release with the fix will be available soon.\""
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"cisaExploitAdd": "2024-11-25",
"cisaActionDue": "2024-12-16",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Function Vulnerability",
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:arraynetworks:arrayos_ag:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.4.0.481",
"matchCriteriaId": "D704D079-D1AF-40EA-98E7-BE1E01371B11"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:arraynetworks:ag1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBE11A77-8C2F-46CA-87BA-47624380FFC1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:arraynetworks:ag1000t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5ED51E1F-3155-40C6-B61C-73D6A9F64987"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:arraynetworks:ag1000v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0BC33CF-FA0B-4556-B11E-61FF9B14880A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:arraynetworks:ag1100v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9C8C9AE-AF59-4E5A-93CD-A394F1A31FA0"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:arraynetworks:ag1150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E025A9D-6B7C-42B6-95EA-0A5726A919F4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:arraynetworks:ag1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0771D54C-15DF-403C-8CFA-B1E7D0136F50"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:arraynetworks:ag1200v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C9F6B87-E3D2-419A-B086-B981EF912F80"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:arraynetworks:ag1500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D385DBD0-C4A9-4168-82C2-832E0E40F42D"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:arraynetworks:ag1500fips:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01569AB3-736D-47FE-86DD-F08ACDDCD11E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:arraynetworks:ag1500v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22E45185-071F-414A-AF78-4739F15A1D93"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:arraynetworks:ag1600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6F0988E-5E75-486A-9229-956D38A51C35"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:arraynetworks:ag1600v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D09E2CC-C1B5-40DC-AD1A-7C6AB20525DC"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:arraynetworks:vxag:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E149796-E3D7-4FAF-AB64-8D273E701861"
}
]
}
]
}
],
"references": [
{
"url": "https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_Remote_Code_Execution_Vulnerability_AG.pdf",
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
]
},
{
"url": "https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_Remote_Code_Execution_Vulnerability_AG.pdf",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink