Remote Code Execution Vulnerability in Array AG Series and vxAG
CVE-2023-28461
Key Information:
- Vendor: Arraynetworks
- Status
- Arrayos Ag
- Vendor
- CVE Published: 15 March 2023
Summary
The vulnerability allows remote code execution on Array Networks' Array AG Series and vxAG products, specifically in versions 9.4.0.481 and earlier. An attacker can exploit this weakness by utilizing a flags attribute within an HTTP header, enabling them to browse the filesystem of the SSL VPN gateway without requiring authentication. The presence of this vulnerability presents significant risks, as attackers could potentially exploit it through a targeted URL. Array Networks has acknowledged the issue and plans to release an updated version that addresses this vulnerability.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified this one as being exploited; it is known to CISA as enabling ransomware campaigns.
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
News Articles
Hackers exploit critical bug in Array Networks SSL VPN products
America's Cyber Defense Agency has received evidence of hackers actively exploiting a remote code execution vulnerability in SSL VPN products Array Networks AG and vxAG ArrayOS.
3 months ago
CISA Adds CVE-2023-28461 Vulnerability To KEV Catalog
CVE-2023-28461 is a critical flaw in Array Networks products, allowing remote code execution.
3 months ago
CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks
CISA flags Array Networks flaw CVE-2023-28461 for active exploitation; agencies urged to patch by December 16.
3 months ago
EPSS Score
22% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- Used in Ransomware
- Exploit known to exist
- CISA Reported
- First article discovered by Trend Micro
- Vulnerability published
- Vulnerability Reserved