CVE-2022-42897

CRITICAL

Arraynetworks Arrayos AG < 9.4.0.469 - Command Injection

Title source: rule
STIX 2.1

Description

Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected.

References (2)

Core 2

Scores

CVSS v3 9.8
EPSS 0.0150
EPSS Percentile 71.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-77
Status published
Products (1)
arraynetworks/arrayos_ag < 9.4.0.469
Published Oct 13, 2022
Tracked Since Feb 18, 2026