When it comes to protecting your data, staying updated on the latest security threats is vital. A critical flaw in Array Networks has recently put organizations at risk, with hackers actively exploiting the vulnerability.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging immediate action to patch this flaw, as it could lead to remote code execution and unauthorized access.
Key Takeaway on the Critical Flaw in Array Networks Targeted by Hackers:
- Critical Flaw in Array Networks: Organizations using Array Networks products must urgently apply patches to address this critical security flaw and prevent potential breaches.
Understanding the Critical Flaw in Array Networks
The vulnerability, tracked as CVE-2023-28461, affects Array Networks AG and vxAG secure access gateways. This flaw has a severity score of 9.8 out of 10, making it a high-priority issue.
Here’s what you need to know about the flaw:
| Vulnerability Details | Key Information |
|---|---|
| Vulnerability Name | CVE-2023-28461 |
| Severity | Critical (CVSS score: 9.8) |
| Type | Missing Authentication |
| Impact | Remote code execution; unauthorized access to files or system |
| Fix Available Since | March 2023 (version 9.4.0.484) |
This flaw allows attackers to exploit a vulnerable URL using the “flags” attribute in an HTTP header. If successful, hackers could remotely execute malicious code or browse sensitive files without authenticating.
Who Is Exploiting This Flaw?
The critical flaw in Array Networks has been linked to active exploitation by a China-backed cyber espionage group called Earth Kasha, also known as MirrorFace. This group is notorious for targeting government and enterprise systems in Japan, Taiwan, India, and parts of Europe.
For example:
- Earlier this year, Earth Kasha exploited this flaw to breach a European diplomatic organization. Using the upcoming World Expo 2025 as a lure, they delivered a backdoor called ANEL to gain control over systems.
- Trend Micro identified Earth Kasha targeting public-facing enterprise products, including Array Networks devices, to gain initial access and deploy malware.
Why Immediate Action is Necessary
CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, highlighting its urgency. Federal agencies and organizations must patch the flaw by December 16, 2024, to secure their networks.
With over 440,000 internet-facing devices potentially exposed, according to cybersecurity firm VulnCheck, this vulnerability poses a global risk. Organizations failing to address this issue risk unauthorized access, data breaches, and financial loss.
How to Protect Your Network
Protecting your system against this critical flaw is crucial. Here’s what organizations should do:
- Apply the Patch Immediately: Update to version 9.4.0.484 or later to fix the vulnerability.
- Minimize Internet Exposure: Limit access to secure gateways from untrusted networks.
- Enhance Threat Intelligence: Use tools to detect potential exploits targeting this flaw.
- Maintain Strong Patch Management: Regularly update all systems to address known vulnerabilities.
- Implement Mitigations: Restrict unnecessary network access to reduce potential attack vectors.
What Sets This Flaw Apart?
Unlike typical vulnerabilities, the critical flaw in Array Networks is actively being exploited. Hackers aren’t waiting; they’re already targeting systems. This emphasizes the need for organizations to remain proactive and responsive in their cybersecurity efforts.
Addressing the critical flaw in Array Networks is a necessity. By taking swift action, organizations can protect their data and ensure a more secure digital environment.
About CISA
The Cybersecurity and Infrastructure Security Agency (CISA) is a U.S. federal agency dedicated to protecting national critical infrastructure. It provides tools, resources, and guidance to help organizations combat cybersecurity threats and vulnerabilities.
FAQs
What is CVE-2023-28461?
CVE-2023-28461 is a critical vulnerability in Array Networks AG and vxAG secure access gateways, allowing hackers to execute remote code without authentication.
Who should patch this flaw?
Any organization using affected Array Networks products should apply the available patches immediately to secure their systems.
How can I check if my system is affected?
Check your system’s firmware version. If it’s older than 9.4.0.484, your system is vulnerable.
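The version check from this answer and from the patching step above, as an added example (not code from Array Networks or CISA): it compares reported versions numerically against 9.4.0.484, because a plain string comparison would rank 9.4.0.5 above the fixed release. The hostnames and version strings are constructed, and the four-field dotted version format is an assumption.

```python
import re

# First fixed release named in the article.
FIXED = (9, 4, 0, 484)

# Constructed inventory: (hostname, version string as collected from the device).
INVENTORY = [
    ("vpn-gw-01.example.internal", "9.4.0.481"),
    ("vpn-gw-02.example.internal", "9.4.0.484"),
    ("vpn-gw-03.example.internal", "9.4.0.5"),           # sorts wrongly as a string
    ("vpn-gw-04.example.internal", "build 9.4.0.499"),   # constructed prefix text
    ("vpn-gw-05.example.internal", "unknown"),
]

# Assumption: versions are four dotted numeric fields, possibly inside other text.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the version as a tuple of ints, or None if none is present."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_text, fixed=FIXED):
    """Classify one device as 'patched', 'vulnerable' or 'unknown'."""
    version = parse_version(version_text)
    if version is None:
        # Fail safe: an unreadable version needs a manual check, not a pass.
        return "unknown"
    return "patched" if version >= fixed else "vulnerable"


def triage(inventory):
    """Group hostnames by patch status."""
    report = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version_text in inventory:
        report[classify(version_text)].append(host)
    return report


if __name__ == "__main__":
    for status, hosts in triage(INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```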
What are the risks of not patching?
Failure to patch this flaw could result in unauthorized access, data theft, and financial losses due to cyberattacks.
Is this flaw being actively exploited?
Yes, groups like Earth Kasha are already using this vulnerability to target organizations globally.