We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with the fix will be available soon."
Reserved 2023-03-15 | Published 2023-03-15 | Updated 2024-12-02 | Assigner mitreDate added 2024-11-25 | Due date 2024-12-16
Known Ransomware Campaign(s)
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
support.arraynetworks.net/..._Execution_Vulnerability_AG.pdf
Support options