Arraynetworks Arrayos Ag vulnerabilities
6 known vulnerabilities affecting arraynetworks/arrayos_ag.
Total CVEs
6
CISA KEV
2
actively exploited
Public exploits
0
Exploited in wild
2
Severity breakdown
CRITICAL4HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2023-28461P1CRITICALCVSS 9.8KEVRansomware≤ 9.4.0.4812023-03-15
CVE-2023-28461 [CRITICAL] CWE-287 CVE-2023-28461: Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An atta
Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with
nvd
CVE-2025-66644P1CRITICALCVSS 9.8KEVfixed in 9.4.5.92025-12-05
CVE-2025-66644 [CRITICAL] CWE-78 CVE-2025-66644: Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in Augus
Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025.
nvd
CVE-2022-42897P2CRITICALCVSS 9.8≤ 9.4.0.4692022-10-13
CVE-2022-42897 [CRITICAL] CWE-77 CVE-2022-42897: Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection tha
Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected.
nvd
CVE-2023-51707P2CRITICALCVSS 9.8fixed in 9.4.0.5052023-12-22
CVE-2023-51707 [CRITICAL] CWE-77 CVE-2023-51707: MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via cr
MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via crafted packets. AG and vxAG 9.3.0.259.x are unaffected.
nvd
CVE-2023-41121P3HIGHCVSS 7.5fixed in 9.4.0.4992023-08-25
CVE-2023-41121 [HIGH] CWE-400 CVE-2023-41121: Array AG OS before 9.4.0.499 allows denial of service: remote attackers can cause system service pro
Array AG OS before 9.4.0.499 allows denial of service: remote attackers can cause system service processes to crash through abnormal HTTP operations.
nvd
CVE-2023-24613P4MEDIUMCVSS 4.9≤ 9.4.0.4702023-02-03
CVE-2023-24613 [MEDIUM] CWE-787 CVE-2023-24613: The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attac
The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit could leverage this vulnerability in the backend binary file that handles the user interface to a cause
nvd