Vulnerability Details CVE-2023-28461
Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with the fix will be available soon."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.898
EPSS Ranking 99.5%
CVSS Severity
CVSS v3 Score 9.8
Proposed Action
Array Networks AG and vxAG ArrayOS contain a missing authentication for critical function vulnerability that allows an attacker to read local files and execute code on the SSL VPN gateway.
Ransomware Campaign
Known
References
- https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_Remote_Code_Execution_Vulnerability_AG.pdf
- https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_Remote_Code_Execution_Vulnerability_AG.pdf
Products affected by CVE-2023-28461
-
cpe:2.3:h:arraynetworks:ag1000:-
-
cpe:2.3:h:arraynetworks:ag1000t:-
-
cpe:2.3:h:arraynetworks:ag1000v5:-
-
cpe:2.3:h:arraynetworks:ag1100v5:-
-
cpe:2.3:h:arraynetworks:ag1150:-
-
cpe:2.3:h:arraynetworks:ag1200:-
-
cpe:2.3:h:arraynetworks:ag1200v5:-
-
cpe:2.3:h:arraynetworks:ag1500:-
-
cpe:2.3:h:arraynetworks:ag1500fips:-
-
cpe:2.3:h:arraynetworks:ag1500v5:-
-
cpe:2.3:h:arraynetworks:ag1600:-
-
cpe:2.3:h:arraynetworks:ag1600v5:-
-
cpe:2.3:h:arraynetworks:vxag:-
-
cpe:2.3:o:arraynetworks:arrayos_ag:-
-
cpe:2.3:o:arraynetworks:arrayos_ag:9.4.0.469
-
cpe:2.3:o:arraynetworks:arrayos_ag:9.4.0.470
-
cpe:2.3:o:arraynetworks:arrayos_ag:9.4.0.481