CVE-2023-28461 - Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Function Vulnerability
CVE-2023-28461
Array Networks | AG/vxAG ArrayOS
- Date Added:
- 2024-11-25
- Due Date:
- 2024-12-16
- Vulnerability Name
Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Function Vulnerability
- Description
Array Networks AG and vxAG ArrayOS contain a missing authentication for critical function vulnerability that allows an attacker to read local files and execute code on the SSL VPN gateway.
- Known To Be Used in Ransomware Campaigns?
Known
- Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Additional Notes
- https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_Remote_Code_Execution_Vulnerability_AG.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2023-28461
- Related News Articles
Free security scan for your website