CVE-2023-28461 - Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Function Vulnerability
Project:Array Networks
Product:AG/vxAG ArrayOS
Date Added:2024-11-25Due Date:2024-12-16
Vulnerability Name
Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Function Vulnerability
Description
Array Networks AG and vxAG ArrayOS contain a missing authentication for critical function vulnerability that allows an attacker to read local files and execute code on the SSL VPN gateway.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_Remote_Code_Execution_Vulnerability_AG.pdf
https://nvd.nist.gov/vuln/detail/CVE-2023-28461
Related News Articles
Chinese APT Group Is Ransacking Japan's SecretsJanuary 10, 2025
MirrorFace hackers targeting Japanese govt, politicians since 2019January 10, 2025
Hackers exploit critical bug in Array Networks SSL VPN productsNovember 26, 2024
CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active AttacksNovember 26, 2024