U.S. CISA adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Array Networks AG and vxAG ArrayOS flaw CVE-2023-28461 (CVSS score: 9.8) to its Known Exploited Vulnerabilities (KEV) catalog.
Array Networks’ AG Series and vxAG (versions 9.4.0.481 and earlier) are impacted by a remote code execution vulnerability. An unauthenticated attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header, and the product can then be exploited through a vulnerable URL.
“Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL.” reads the advisory.
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts also recommend that private organizations review the catalog and address the vulnerabilities in their infrastructure.
CISA orders federal agencies to fix this vulnerability by December 16, 2024.