Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Dec 16, 2024

CVE-2023-28461

High
EPSS 87.2%CISA KEVRansomware
Array Networks /AG/vxAG ArrayOS

Description

Array Networks AG and vxAG ArrayOS contain a missing authentication for critical function vulnerability that allows an attacker to read local files and execute code on the SSL VPN gateway.

EPSS — Exploit Probability

87.2%

Higher than 99.4% of all CVEs

Required Action

https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_Remote_Code_Execution_Vulnerability_AG.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2023-28461

Risk Assessment

CRITICAL
In CISA KEV
High EPSS
Ransomware

Details

Severity
High
EPSS
87.2%
CISA KEV
Yes
Ransomware
Known
Articles
0

Timeline

Published

Nov 25, 2024

Added to KEV

Nov 25, 2024

Remediation Due

Dec 16, 2024

Affected Product

Array Networks

AG/vxAG ArrayOS

View all Array Networks CVEs

External Links

NVD (NIST)CVE DetailsMITRE CVE