CVE-2023-28460

HIGH

Array Networks APV - Command Injection

Title source: llm

Description

A command injection vulnerability was discovered in Array Networks APV products. A remote attacker can send a crafted packet after logging into the affected appliance as an administrator, resulting in arbitrary shell code execution. This is fixed in 8.6.1.262 or newer and 10.4.2.93 or newer.

References (1)

Core 1

Core References

Vendor Advisory

https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_Command_Injection_Vulnerabilities_APV_ID-133258.pdf

Scores

CVSS v3 7.2

EPSS 0.0162

EPSS Percentile 73.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-77

Status published

Products (2)

arraynetworks/array_os 10.4.3.2

arraynetworks/array_os < 8.6.1.243

Published Mar 15, 2023

Tracked Since Feb 18, 2026