CVE-2023-28461

Array Networks | AG/vxAG ArrayOSAdded 2024-11-25Remediation Deadline 2024-12-16Active Ransomware Campaign

Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Function Vulnerability

Array Networks AG and vxAG ArrayOS contain a missing authentication for critical function vulnerability that allows an attacker to read local files and execute code on the SSL VPN gateway.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weakness Classification

CWE-306

References

https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_Remote_Code_Execution_Vulnerability_AG.pdf
https://nvd.nist.gov/vuln/detail/CVE-2023-28461

Cybersecurity Alerts

CVE-2023-28461

Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Function Vulnerability

Required Action

Weakness Classification

References