CVE-2023-28461 - Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Function Vulnerability

Vulnerability Name

Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Function Vulnerability

Description

Array Networks AG and vxAG ArrayOS contain a missing authentication for critical function vulnerability that allows an attacker to read local files and execute code on the SSL VPN gateway.

Known To Be Used in Ransomware Campaigns?

Known

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_Remote_Code_Execution_Vulnerability_AG.pdf

https://nvd.nist.gov/vuln/detail/CVE-2023-28461

Related News Articles

Chinese APT Group Is Ransacking Japan's SecretsJanuary 10, 2025

MirrorFace hackers targeting Japanese govt, politicians since 2019January 10, 2025

Hackers exploit critical bug in Array Networks SSL VPN productsNovember 26, 2024

CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active AttacksNovember 26, 2024