Vulnerability Information
Vulnerability Title
Array Networks vAPV and vxAG Default Credential Privilege Escalation
Vulnerability Description
Array Networks vAPV (version 8.3.2.17) and vxAG (version 9.2.0.34) appliances are affected by a privilege escalation vulnerability caused by a combination of hardcoded SSH credentials (or SSH private key) and insecure permissions on a startup script. The devices ship with a default SSH login or a hardcoded DSA private key, allowing an attacker to authenticate remotely with limited privileges. Once authenticated, an attacker can overwrite the world-writable /ca/bin/monitor.sh script with arbitrary commands. Since this script is executed with elevated privileges through the backend binary, enabling the debug monitor via backend -c "debug monitor on" triggers execution of the attacker's payload as root. This allows full system compromise.
CVSS Information
N/A
Vulnerability Type
Use of Hard-coded Credentials
Vulnerability Title
Array Networks vAPV and Array Networks vxAG Security Vulnerability
Vulnerability Description
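Array Networks vAPV and Array Networks vxAG are both products of Array Networks, a US company. Array Networks vAPV is a virtual application delivery controller. Array Networks vxAG is a virtual secure access system. Array Networks vAPV version 8.3.2.17 and Array Networks vxAG version 9.2.0.34 contain a security vulnerability that stems from hardcoded SSH credentials and improper permissions on a startup script, and may lead to privilege escalation.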
CVSS Information
N/A
Vulnerability Type
N/A