1. Home
  2. CVE Database
  3. CVE-2022-42897
CRITICAL · 9.8

CVE-2022-42897

Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected.

Vulnerability Description

Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
ArraynetworksArrayos Ag<= 9.4.0.469
ArraynetworksAg1000-
ArraynetworksAg1000T-
ArraynetworksAg1000V5-
ArraynetworksAg1100V5-
ArraynetworksAg1150-
ArraynetworksAg1200-
ArraynetworksAg1200V5-
ArraynetworksAg1500-
ArraynetworksAg1500Fips-
ArraynetworksAg1500V5-
ArraynetworksAg1600-
ArraynetworksAg1600V5-
ArraynetworksAh1100-
ArraynetworksVxag-

Related Weaknesses (CWE)

CWE-77

References

FAQ

What is CVE-2022-42897?

CVE-2022-42897 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected.

How severe is CVE-2022-42897?

CVE-2022-42897 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-42897?

Check the references section above for vendor advisories and patch information. Affected products include: Arraynetworks Arrayos Ag, Arraynetworks Ag1000, Arraynetworks Ag1000T, Arraynetworks Ag1000V5, Arraynetworks Ag1100V5.