Remote Code Execution Vulnerability in Array Networks Array AG Series and vxAG (9.4.0.481 and earlier)

Remote Code Execution Vulnerability in Array Networks Array AG Series and vxAG (9.4.0.481 and earlier)

CVE-2023-28461 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with the fix will be available soon."

Learn more about our Network Penetration Testing.