CVE-2023-28460

CVSS V2 None CVSS V3 None
Description
A command injection vulnerability was discovered in Array Networks APV products. A remote attacker can send a crafted packet after logging into the affected appliance as an administrator, resulting in arbitrary shell code execution. This is fixed in 8.6.1.262 or newer and 10.4.2.93 or newer.
Overview
  • CVE ID
  • CVE-2023-28460
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-03-15T23:15:10
  • Last Modified Date
  • 2023-03-24T14:57:49
Weakness Enumerations
CWE URL
CWE-77 http://cwe.mitre.org/data/definitions/77.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:arraynetworks:array_os:*:*:*:*:*:*:*:* 1 OR 8.6.1.243
cpe:2.3:o:arraynetworks:array_os:*:*:*:*:*:*:*:* 1 OR 9.0.1.12 10.4.0.79
cpe:2.3:o:arraynetworks:array_os:*:*:*:*:*:*:*:* 1 OR 10.4.2.12 10.4.2.58
cpe:2.3:o:arraynetworks:array_os:10.4.3.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:arraynetworks:apv10650:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:arraynetworks:apv11600:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:arraynetworks:apv1600:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:arraynetworks:apv1600t:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:arraynetworks:apv1600v5:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:arraynetworks:apv1800:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:arraynetworks:apv2600:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:arraynetworks:apv2600v5:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:arraynetworks:apv2800:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:arraynetworks:apv3600:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:arraynetworks:apv3600v5:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:arraynetworks:apv3650:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:arraynetworks:apv5600:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:arraynetworks:apv5800:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:arraynetworks:apv6600:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:arraynetworks:apv6600fips:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:arraynetworks:apv7600:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:arraynetworks:apv7800:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:arraynetworks:apv800:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:arraynetworks:vapv:-:*:*:*:*:*:*:* 0 OR
References
Reference URL Reference Tags
https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_Command_Injection_Vulnerabilities_APV_ID-133258.pdf Vendor Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2023-28460
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28460
History
Created Old Value New Value Data Type Notes
2023-04-17 06:32:24 Added to TrackCVE
2023-04-17 06:32:26 Weakness Enumeration new