CVE-2023-28461β€”Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Function Vulnerability

PUBLISHEDvulnerability record
2024-11-25 Β· last modified June 21, 2025

Metadata

CVE ID:
CVE-2023-28461
Project:
Array Networks
Product:
AG/vxAG ArrayOS
Date Added:
2024-11-25
Due Date:
2024-12-16
Last Updated:
June 21, 2025

Vulnerability Name

Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Function Vulnerability

Description

Array Networks AG and vxAG ArrayOS contain a missing authentication for critical function vulnerability that allows an attacker to read local files and execute code on the SSL VPN gateway.

Known To Be Used in Ransomware Campaigns?

Ransomware Status:
KNOWN

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

Related News Articles

Related Weaknesses