CVE-2023-28461


CVSS 9.8 CRITICAL · EPSS 67.6% · KEV · CWE-306
In short

Array Networks SSL VPN gateways (versions 9.4.0.481 and earlier) allow attackers to browse files on the server and execute code remotely without logging in. This happens through a weakness in how the product handles certain HTTP headers, making it critical to patch immediately.

Technical detail

CVE-2023-28461 is an unauthenticated remote code execution vulnerability in Array Networks Array AG Series and vxAG, affecting versions ≤9.4.0.481. The flaw stems from improper validation of a flags attribute in HTTP headers (CWE-306: Missing Authentication Check), which lets an unauthenticated client browse the gateway's filesystem and ultimately execute code. The only precondition is network access to the SSL VPN gateway; the impact is complete system compromise via remote code execution.

Summary generated and translated by AI from the official description.
Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with the fix will be available soon."
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
