Details of VAR-201403-0711

ID

VAR-201403-0711

TITLE

Multiple vulnerabilities in multiple Array Networks products

Trust: 0.6

sources: CNVD: CNVD-2014-01908

DESCRIPTION

Array Networks is a world-leading application intelligence security company dedicated to providing customers with multi-layer network security and application solutions. There are several security vulnerabilities in the Array Networks vxAG / xAPV product: 1. The /etc/master.passwd file contains the default shell user and password, allowing an attacker to crack access to account information and gain unauthorized access to the device. 2. The \"sync\" user contains the private key information in the \"~/.ssh/id_dsa\" file, allowing the attacker to obtain the key and unauthorized access to the device. This may aid in further attacks

Trust: 0.81

sources: CNVD: CNVD-2014-01908 // BID: 66299

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-01908

AFFECTED PRODUCTS

vendor:	array	model:	vxag xapv	scope:	eq	version:	/	Trust: 0.6
vendor:	array	model:	networks vxag	scope:	eq	version:	9.2.0.34	Trust: 0.3
vendor:	array	model:	networks vapv	scope:	eq	version:	8.3.2.17	Trust: 0.3

sources: CNVD: CNVD-2014-01908 // BID: 66299

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2014-01908
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2014-01908
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2014-01908

THREAT TYPE

network

Trust: 0.3

sources: BID: 66299

TYPE

Unknown

Trust: 0.3

sources: BID: 66299

EXTERNAL IDS

db:	BID	id:	66299	Trust: 0.9
db:	PACKETSTORM	id:	125761	Trust: 0.6
db:	CNVD	id:	CNVD-2014-01908	Trust: 0.6

sources: CNVD: CNVD-2014-01908 // BID: 66299

REFERENCES

url:	http://packetstormsecurity.com/files/125761/arraynetworks-escalate.txt	Trust: 0.6
url:	http://www.arraynetworks.com/products-vxag-virtual-secure-access-gateway.html	Trust: 0.3

sources: CNVD: CNVD-2014-01908 // BID: 66299

CREDITS

xistence

Trust: 0.3

sources: BID: 66299

SOURCES

db:	CNVD	id:	CNVD-2014-01908
db:	BID	id:	66299

LAST UPDATE DATE

2022-05-17T02:04:39.377000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-01908	date:	2014-03-24T00:00:00
db:	BID	id:	66299	date:	2014-03-18T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-01908	date:	2014-03-24T00:00:00
db:	BID	id:	66299	date:	2014-03-18T00:00:00