We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2023-28461



Description

Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with the fix will be available soon."

Reserved 2023-03-15 | Published 2023-03-15 | Updated 2024-12-02 | Assigner mitre

CISA Known Exploited Vulnerability

Date added 2024-11-25 | Due date 2024-12-16

Known Ransomware Campaign(s)

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

References

support.arraynetworks.net/..._Execution_Vulnerability_AG.pdf

cve.org (CVE-2023-28461)

nvd.nist.gov (CVE-2023-28461)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2023-28461

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.