CVE-2014-125121

CRITICAL EPSS 52.5%
Published Jul 31, 202511mo ago · Modified Jun 17, 20261w ago
10.0 CVSS 4.0
Critical
Find Similar
Published Jul 31, 2025 11mo ago
Last Modified Jun 17, 2026 1w ago

Description

Array Networks vAPV (version 8.3.2.17) and vxAG (version 9.2.0.34) appliances are affected by a privilege escalation vulnerability caused by a combination of hardcoded SSH credentials (or SSH private key) and insecure permissions on a startup script. The devices ship with a default SSH login or a hardcoded DSA private key, allowing an attacker to authenticate remotely with limited privileges. Once authenticated, an attacker can overwrite the world-writable /ca/bin/monitor.sh script with arbitrary commands. Since this script is executed with elevated privileges through the backend binary, enabling the debug monitor via backend -c "debug monitor on" triggers execution of the attacker's payload as root. This allows full system compromise.

CVSS Details

Base Score
10.0
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
52.5% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 2

CWE-732
CWE-798 Use of Hard-coded Credentials Authentication

References 4

  • packetstorm.news https://packetstorm.news/files/id/125761
  • raw.githubusercontent.com https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/ssh/array_vxag_vapv_privkey_privesc.rb
  • exploit-db.com https://www.exploit-db.com/exploits/32440
  • vulncheck.com https://www.vulncheck.com/advisories/array-networks-vapv-vxag-default-credential-privilege-escalation

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.