PT-2023-21733 · Array Networks · Array Networks Apv
Published
2023-03-15
·
Updated
2023-03-24
·
CVE-2023-28460
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Array Networks APV products versions prior to 8.6.1.262
Array Networks APV products versions prior to 10.4.2.93
Description
A command injection issue was discovered in Array Networks APV products. A remote attacker can send a crafted packet after logging into the affected appliance as an administrator, resulting in arbitrary shell code execution.
Recommendations
For versions prior to 8.6.1.262, update to version 8.6.1.262 or newer.
For versions prior to 10.4.2.93, update to version 10.4.2.93 or newer.
Fix
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Array Networks Apv