CVE-2023-28461 - Array Networks AG and vxAG ArrayOS Improper Authentication Vulnerability
CVE-2023-28461
Array Networks | AG/vxAG ArrayOS
- Date Added:
- 2024-11-25
- Due Date:
- 2024-12-16
- Vulnerability Name
Array Networks AG and vxAG ArrayOS Improper Authentication Vulnerability
- Description
Array Networks AG and vxAG ArrayOS contains an improper authentication vulnerability that allows an attacker to read local files and execute code on the SSL VPN gateway.
- Known To Be Used in Ransomware Campaigns?
Unknown
- Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Additional Notes
- https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_Remote_Code_Execution_Vulnerability_AG.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2023-28461
Free security scan for your website