cbcvebase.

Arraynetworks Arrayos Ag vulnerabilities

6 known vulnerabilities affecting arraynetworks/arrayos_ag.

Total CVEs
6
CISA KEV
2
actively exploited
Public exploits
0
Exploited in wild
2
Severity breakdown
CRITICAL4HIGH1MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2023-28461P1CRITICALCVSS 9.8KEVRansomware≤ 9.4.0.4812023-03-15
CVE-2023-28461 [CRITICAL] CWE-287 CVE-2023-28461: Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An atta Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with
nvd
CVE-2025-66644P1CRITICALCVSS 9.8KEVfixed in 9.4.5.92025-12-05
CVE-2025-66644 [CRITICAL] CWE-78 CVE-2025-66644: Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in Augus Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025.
nvd
CVE-2022-42897P2CRITICALCVSS 9.8≤ 9.4.0.4692022-10-13
CVE-2022-42897 [CRITICAL] CWE-77 CVE-2022-42897: Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection tha Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected.
nvd
CVE-2023-51707P2CRITICALCVSS 9.8fixed in 9.4.0.5052023-12-22
CVE-2023-51707 [CRITICAL] CWE-77 CVE-2023-51707: MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via cr MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via crafted packets. AG and vxAG 9.3.0.259.x are unaffected.
nvd
CVE-2023-41121P3HIGHCVSS 7.5fixed in 9.4.0.4992023-08-25
CVE-2023-41121 [HIGH] CWE-400 CVE-2023-41121: Array AG OS before 9.4.0.499 allows denial of service: remote attackers can cause system service pro Array AG OS before 9.4.0.499 allows denial of service: remote attackers can cause system service processes to crash through abnormal HTTP operations.
nvd
CVE-2023-24613P4MEDIUMCVSS 4.9≤ 9.4.0.4702023-02-03
CVE-2023-24613 [MEDIUM] CWE-787 CVE-2023-24613: The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attac The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit could leverage this vulnerability in the backend binary file that handles the user interface to a cause
nvd
Arraynetworks Arrayos Ag vulnerabilities | cvebase