This host is running Array Networks vxAG/xAPV and is prone to authentication bypass vulnerabilities.

Successful exploitation will allow attacker to gain unauthorized root access to affected devices and completely compromise the devices. Impact Level: System/Application

No Solution is available as of 20th March, 2014. Information regarding this issue will be updated once the solution details are available. For more information refer to http://www.arraynetworks.com

Multiple flaws are due to - The program using insecure world writable permissions for the '/ca/bin/monitor.sh' file. - The 'mfg' account has a password of 'mfg' and the 'sync' account has a password of 'click1', which is publicly known and documented. - If a remote attacker has explicit knowledge of the SSH keys they can potentially gain privileged access to the device.

Array Networks vxAG 9.2.0.34 and vAPV 8.3.2.17 appliances

Send a default SSH credentials and check whether it is possible to login to the target machine

• http://packetstormsecurity.com/files/125761
• http://www.osvdb.org/104652
• http://www.osvdb.org/104653
• http://www.osvdb.org/104654

---

Updated on 2015-03-25