December 2 2024: CISA added a known exploited vulnerability to its catalog on November 25 for Array Networks AG and vxAG ArrayOS SSL VPN products, tracked as CVE-2023-28461. CISA issued the alert after receiving evidence of threat actors actively exploiting the flaw.
Impact of Critical Array Networks Flaw
The remote code execution (RCE) vulnerability carries a CVSS score of 9.8/10.
According to the security bulletin from Array, threat actors may be able to gain access to the file system or execute remote code through the SSL VPN gateway, without authentication, by using the flags attribute in an HTTP header.
The vulnerability was added to CISA’s catalog after it was discovered that threat actors with links to China have been exploiting the flaw for initial access.
Patching and Mitigating the Array Networks Flaw
Array disclosed the flaw in March of 2023 and released a fix a week later with Array AG version 9.4.0.484.
Affected versions include ArrayOS AG 9.4.0.481 and earlier on all AG and vxAG products.
Customers that have not yet upgraded to the newest version (9.4.0.484) can mitigate the vulnerability by applying the site commands recommended by Array.
All Federal Civilian Executive Branch (FCEB) agencies are recommended to apply patches by December 16, 2024 to secure networks, in light of discovery of active exploitation.
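The version boundaries above can be turned into a quick inventory triage. The following is an added example, not code from Array or CISA: the hostnames and version strings are constructed, and it assumes ArrayOS AG build numbers order numerically part by part.

```python
import re

# Boundaries taken from the alert text above.
LAST_AFFECTED = (9, 4, 0, 481)  # 9.4.0.481 and earlier are affected
FIRST_FIXED = (9, 4, 0, 484)    # fix released in 9.4.0.484

# Constructed sample inventory (hostnames and version strings are made up).
SAMPLE_INVENTORY = [
    ("vpn-gw-01", "9.4.0.481"),
    ("vpn-gw-02", "ArrayOS AG 9.4.0.484"),
    ("vpn-gw-03", "9.4.0.466"),
    ("vpn-gw-04", "9.4.0.482"),
    ("vpn-gw-05", "unknown"),
]

def parse_version(text):
    """Return the first four-part dotted version in text as a tuple, or None."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(version_text):
    """Map a reported version string to a patch status."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"   # no usable version: check the appliance by hand
    if v <= LAST_AFFECTED:
        return "affected"  # upgrade, or apply Array's mitigation commands
    if v >= FIRST_FIXED:
        return "fixed"
    return "verify"        # builds between .481 and .484 are not covered by the alert

def triage(inventory):
    """Group hostnames by patch status."""
    report = {"affected": [], "fixed": [], "verify": [], "unknown": []}
    for host, version_text in inventory:
        report[classify(version_text)].append(host)
    return report

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the "verify" and "unknown" groups need a manual check against Array's bulletin, since the alert only names the last affected build and the fixed build.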
Cybersecurity Solutions
Patching all third-party software as soon as a safe version is available is a critical part of your organization’s cyber posture and should be part of your written cyber policies.
Applying and updating patches fixes the vulnerability after the fact. In cases where these vulnerabilities are being actively exploited, it’s important to understand whether your network has already been compromised through these vulnerabilities if you use Array products, or any other product with a known exploited vulnerability.
If you are concerned about this flaw impacting your network, contact SecuLore for a CyberBenchmark to get started on a cybersecurity risk assessment to get help determining vulnerabilities in your network and get actionable recommendations based on real data captured from your network through our assessment, including immediate remediation options.
SecuLore CyberSight™ provides management of your attack surface and monitoring through our patented technology to detect vulnerabilities in your network and detect anomalous behavior. The technology passively captures all traffic on your network to identify threats that are often missed by other layers of security. The packet captures are sent to our Security Operations Center to be processed via a unique behavioral analysis that is constantly reviewed by our team of CEH (Certified Ethical Hackers).
Stay cyber-safe,
SecuLore Support Team