Vulnerability Description
The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit could leverage this vulnerability in the backend binary file that handles the user interface to cause a denial of service. This is fixed in AG 9.4.0.481.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Arraynetworks | Arrayos Ag | <= 9.4.0.470 |
| Arraynetworks | Ag1000 | - |
| Arraynetworks | Ag1000T | - |
| Arraynetworks | Ag1000V5 | - |
| Arraynetworks | Ag1100V5 | - |
| Arraynetworks | Ag1150 | - |
| Arraynetworks | Ag1200 | - |
| Arraynetworks | Ag1200V5 | - |
| Arraynetworks | Ag1500 | - |
| Arraynetworks | Ag1500Fips | - |
| Arraynetworks | Ag1500V5 | - |
| Arraynetworks | Ag1600 | - |
| Arraynetworks | Ag1600V5 | - |
| Arraynetworks | Vxag | - |
Related Weaknesses (CWE)
References
- https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/d (Vendor Advisory)
FAQ
What is CVE-2023-24613?
CVE-2023-24613 is a vulnerability with a CVSS score of 4.9 (MEDIUM). The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with...
How severe is CVE-2023-24613?
CVE-2023-24613 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-24613?
Check the references section above for vendor advisories and patch information. Affected products include: Arraynetworks Arrayos Ag, Arraynetworks Ag1000, Arraynetworks Ag1000T, Arraynetworks Ag1000V5, Arraynetworks Ag1100V5.