PT-2023-21734 · Array Networks · Vxag+1

Published: 2023-03-15 · Updated: 2025-12-05 · CVE-2023-28461

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Array Networks Array AG Series and vxAG versions 9.4.0.481 and earlier

Description

A critical security flaw allows remote code execution. Without authenticating, an attacker can browse the filesystem on the SSL VPN gateway by using a flags attribute in an HTTP header. The product could then be exploited through a vulnerable URL. There is evidence of active exploitation of this issue.

Recommendations

For versions 9.4.0.481 and earlier, upgrade to version 9.4.0.484 or later immediately. As a temporary workaround, consider restricting access to the vulnerable URL and disabling the use of HTTP header flags until a patch is available. Visit the CISA website for more information on mitigations that protect your organization from cyberattacks.

Fix · RCE · Missing Authentication · Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2023-28461

Affected Products

Array AG Series
vxAG