CVE-2023-28461 : Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote cod

Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with the fix will be available soon."

Published 2023-03-15 23:15:10

Updated 2025-03-14 20:01:10

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2023-28461

Arraynetworks » Arrayos Ag
Versions up to, including, (<=) 9.4.0.481
cpe:2.3:o:arraynetworks:arrayos_ag:*:*:*:*:*:*:*:*
Matching versions
When used together with: Arraynetworks » Ag1000 » Version: N/A
When used together with: Arraynetworks » Ag1000t » Version: N/A
When used together with: Arraynetworks » Ag1000v5 » Version: N/A
When used together with: Arraynetworks » Ag1100v5 » Version: N/A
When used together with: Arraynetworks » Ag1150 » Version: N/A
When used together with: Arraynetworks » Ag1200 » Version: N/A
When used together with: Arraynetworks » Ag1200v5 » Version: N/A
When used together with: Arraynetworks » Ag1500 » Version: N/A
When used together with: Arraynetworks » Ag1500fips » Version: N/A
When used together with: Arraynetworks » Ag1500v5 » Version: N/A
When used together with: Arraynetworks » Ag1600 » Version: N/A
When used together with: Arraynetworks » Ag1600v5 » Version: N/A
When used together with: Arraynetworks » Vxag » Version: N/A

CVE-2023-28461 is in the CISA Known Exploited Vulnerabilities Catalog

This issue is known to have been leveraged as part of a ransomware campaign.

CISA vulnerability name:

Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Function Vulnerability

CISA required action:

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CISA description:

Array Networks AG and vxAG ArrayOS contain a missing authentication for critical function vulnerability that allows an attacker to read local files and execute code on the SSL VPN gateway.

Notes:

https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_Remote_Code_Execution_Vulnerability_AG.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2023-28461

Added on 2024-11-25 Action due date 2024-12-16

Exploit prediction scoring system (EPSS) score for CVE-2023-28461

EPSS FAQ

89.76%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 100 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-28461

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	134c704f-9b21-4f2e-91b3-4a467353bcc0	2024-11-25
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2023-28461

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Assigned by: nvd@nist.gov (Primary)
CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

References for CVE-2023-28461

https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_Remote_Code_Execution_Vulnerability_AG.pdf

Mitigation;Vendor Advisory

Jump to