CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Dec 16, 2024
High
CISA KEVRansomwareCVE-2023-28461
Array Networks —AG/vxAG ArrayOS
Array Networks AG and vxAG ArrayOS contain a missing authentication for critical function vulnerability that allows an attacker to read local files and execute code on the SSL VPN gateway.
Required Action
https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_Remote_Code_Execution_Vulnerability_AG.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2023-28461
Vulnerability Overview
- Severity
- High
- CISA KEV
- Yes
- Ransomware
- Known
- Published
- Nov 25, 2024
- KEV Added
- Nov 25, 2024
- Due Date
- Dec 16, 2024
- Related Articles
- 0
Vendor
Array Networks
AG/vxAG ArrayOS