CVE-2023-24613

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-24613

4.9 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

T

he user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit could leverage this vulnerability in the backend binary file that handles the user interface to a cause denial of service attack. This is fixed in AG 9.4.0.481.

References
Link Resource
https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_UI_Stack_Overflow_Vulnerability_ID-128285_V1.0.pdf Vendor Advisory
https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_UI_Stack_Overflow_Vulnerability_ID-128285_V1.0.pdf Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:arraynetworks:arrayos_ag:*:*:*:*:*:*:*:*
OR cpe:2.3:h:arraynetworks:ag1000:-:*:*:*:*:*:*:*
cpe:2.3:h:arraynetworks:ag1000t:-:*:*:*:*:*:*:*
cpe:2.3:h:arraynetworks:ag1000v5:-:*:*:*:*:*:*:*
cpe:2.3:h:arraynetworks:ag1100v5:-:*:*:*:*:*:*:*
cpe:2.3:h:arraynetworks:ag1150:-:*:*:*:*:*:*:*
cpe:2.3:h:arraynetworks:ag1200:-:*:*:*:*:*:*:*
cpe:2.3:h:arraynetworks:ag1200v5:-:*:*:*:*:*:*:*
cpe:2.3:h:arraynetworks:ag1500:-:*:*:*:*:*:*:*
cpe:2.3:h:arraynetworks:ag1500fips:-:*:*:*:*:*:*:*
cpe:2.3:h:arraynetworks:ag1500v5:-:*:*:*:*:*:*:*
cpe:2.3:h:arraynetworks:ag1600:-:*:*:*:*:*:*:*
cpe:2.3:h:arraynetworks:ag1600v5:-:*:*:*:*:*:*:*
cpe:2.3:h:arraynetworks:vxag:-:*:*:*:*:*:*:*
History

21 Nov 2024, 07:48

Type Values Removed Values Added
Summary
  • (es) La interfaz de usuario de Array Networks AG Series y vxAG hasta la versión 9.4.0.470 podría permitir a un atacante remoto utilizar la herramienta gdb para sobrescribir la pila de llamadas de funciones backend después de acceder al sistema con privilegios de administrador. Un exploit exitoso podría aprovechar esta vulnerabilidad en el archivo binario backend que maneja la interfaz de usuario para provocar un ataque de denegación de servicio. Esto se soluciona en AG 9.4.0.481.
References () https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_UI_Stack_Overflow_Vulnerability_ID-128285_V1.0.pdf - Vendor Advisory () https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_UI_Stack_Overflow_Vulnerability_ID-128285_V1.0.pdf - Vendor Advisory
Information

Published : 2023-02-03 02:15

Updated : 2025-03-26 15:15

NVD link : CVE-2023-24613

Mitre link : CVE-2023-24613

CVE.ORG link : CVE-2023-24613

JSON object : View

Products Affected

arraynetworks

CWE
CWE-787

Out-of-bounds Write