Hacker nutzen kritischen Fehler in SSL-VPN-Produkten von Array Networks aus

America’s cyber defense agency has received evidence of hackers actively exploiting a remote code execution vulnerability in SSL VPN products Array Networks AG and vxAG ArrayOS.

The security issue is tracked as CVE-2023-28461 and has been assigned a critical 9.8 severity score and the agency has included it to the catalog of Known Exploited Vulnerabilities (KEV).

The bug can be exploited through a vulnerable URL and is an improper authentication issue that allows remote code execution in Array AG Series and vxAG version 9.4.0.481 and earlier.

“(CVE-2023-28461 is) […] a web security vulnerability that allows an attacker to browse the filesystem or execute remote code on the SSL VPN gateway using flags attribute in HTTP header without authentication,” the vendor says in a security bulletin.

The flaw was disclosed last year on March 9 and Array Networks fixed it about a week later with release of Array AG release 9.4.0.484.

Array Networks AG Series (hardware appliances) and vxAG Series (virtual appliances) are SSL VPN products offer secure remote and mobile access to corporate networks, enterprise applications, and cloud services.

According to the vendor, they are used by over 5,000 customers worldwide, including enterprises, service providers, and government agencies.

CISA has not provided any details on who is taking advantage of the vulnerability and targeted organizations but added it to the Known Exploited Vulnerabilities (KEV) catalog “based on evidence of active exploitation.”

The agency recommends that all federal agencies and critical infrastructure organizations either apply security updates and available mitigations by December 16 or stop using the product.

Security updates for the impacted products are available through the Array support portal. The vendor also provides in the security advisory a set of commands to mitigate the vulnerability if updates cannot be installed immediately.

However, organizations should first test the effect of the commands as they may have a negative impact on the functionality of Client Security, the VPN client’s ability to upgrade automatically, and the Portal User Resource function.

Quelle

Kommentar verfassen Kommentieren abbrechen

London, GB

11:10 pm, Apr. 22, 2025

10°C

L: 9° | H: 11°

Fühlt sich an wie 9°C° broken clouds

Luftfeuchtigkeit: 81 %

Druck: 1015 mb

Wind: 6 mph WSW

Windböe: 12 mph

UV-Index: 0

Niederschlag: 0 mm

Wolken: 77%

Regen Chance: 0%

Sichtbarkeit: 10 km

Sonnenaufgang: 5:49 am

Sonnenuntergang: 8:07 pm

TäglichStündlich

Tägliche VorhersageStündliche Vorhersage

Tomorrow 10:00 pm

9° | 11°°C 1 mm 100% 13 mph 93 % 1018 mb 0 mm/h

Do. Apr. 24 10:00 pm

7° | 16°°C 0.2 mm 20% 6 mph 85 % 1023 mb 0 mm/h

Fr. Apr. 25 10:00 pm

8° | 17°°C 0 mm 0% 9 mph 84 % 1024 mb 0 mm/h

Sa. Apr. 26 10:00 pm

9° | 16°°C 0.99 mm 99% 6 mph 89 % 1024 mb 0 mm/h

So. Apr. 27 10:00 pm

9° | 19°°C 0 mm 0% 8 mph 96 % 1025 mb 0 mm/h

Tomorrow 1:00 am

10° | 10°°C 0 mm 0% 7 mph 80 % 1015 mb 0 mm/h

Tomorrow 4:00 am

8° | 9°°C 1 mm 100% 9 mph 89 % 1012 mb 0 mm/h

Tomorrow 7:00 am

8° | 8°°C 1 mm 100% 13 mph 93 % 1009 mb 0 mm/h

Tomorrow 10:00 am

10° | 10°°C 1 mm 100% 10 mph 93 % 1010 mb 0 mm/h

Tomorrow 1:00 pm

11° | 11°°C 0.8 mm 80% 9 mph 84 % 1012 mb 0 mm/h

Tomorrow 4:00 pm

11° | 11°°C 0.2 mm 20% 11 mph 72 % 1013 mb 0 mm/h

Tomorrow 7:00 pm

11° | 11°°C 0 mm 0% 7 mph 73 % 1015 mb 0 mm/h

Tomorrow 10:00 pm

9° | 9°°C 0 mm 0% 3 mph 89 % 1018 mb 0 mm/h

Name	Preis	24H (%)
Bitcoin(BTC)	€80,989.84	6.79%
Ethereum(ETH)	€1,527.08	11.26%
Fesseln(USDT)	€0.87	0.02%
XRP(XRP)	€1.94	7.36%
Solana(SOL)	€128.75	8.28%
USDC(USDC)	€0.87	-0.01%
Dogecoin(DOGE)	€0.154897	12.20%
Shiba Inu(SHIB)	€0.000012	10.20%
Pepe(PEPE)	€0.000008	13.18%

Hacker nutzen kritischen Fehler in SSL-VPN-Produkten von Array Networks aus

Teilen:

Kommentar verfassen Kommentieren abbrechen

Verbindung zum Dienstprogramm

Nützlicher Link

Newsletter

Folgen Sie uns