CNNVD-202507-3909 Information

CNNVD ID

CNNVD-202507-3909

Related CVE

CVE-2014-125121

• CNNVD Published: 2025-07-31

Description (Chinese)

Array Networks vAPV和Array Networks vxAG都是美国Array Networks公司的产品。Array Networks vAPV是一款虚拟应用交付控制器。Array Networks vxAG是一款虚拟安全接入系统。 Array Networks vAPV 8.3.2.17版本和Array Networks vxAG 9.2.0.34版本存在安全漏洞，该漏洞源于硬编码SSH凭据和启动脚本权限不当，可能导致权限提升。

Description (English)

Array Networks vAPV and Array Networks vxAG are products of the United States company Array Networks. Array Networks vAPV is a virtual application delivery controller. Array Networks vxAG is a virtual secure access system. There is a security loophole in the version of Array Networks vAPV 8.3.2.17, and the version of Array Networks vxAG 9.2.0.34, which stems from the fact that hard-coded SSH certificates and script-starting privileges are inappropriate and may lead to an increase in privileges.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

安瑞科技

Published

2025-07-31

Last Modified

2026-02-24

References

https://packetstorm.news/files/id/125761 https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/ssh/array_vxag_vapv_privkey_privesc.rb https://www.exploit-db.com/exploits/32440 https://www.vulncheck.com/advisories/array-networks-vapv-vxag-default-credential-privilege-escalation