Ethical Hacking News
Hackers exploit critical bug in Array Networks SSL VPN products, putting over 5,000 customers at risk of remote code execution and data breaches.
Array Networks has been hit by a critical vulnerability (CVE-2023-28461) allowing remote code execution. The vulnerability has a severity score of 9.8 and is included in CISA's Known Exploited Vulnerabilities catalog. The affected products are Array Networks AG Series hardware appliances and vxAG Series virtual appliances, used by over 5,000 customers worldwide. Security updates have been released, but applying them may impact certain features; a set of commands can be used as an alternative. Organizations should take proactive measures to protect against SSL VPN exploitation and ensure their systems are up-to-date with the latest security patches.
Array Networks, a leading provider of secure remote and mobile access to corporate networks, enterprise applications, and cloud services, has been hit by a critical vulnerability that allows attackers to achieve remote code execution. The security issue, tracked as CVE-2023-28461, has been assigned a severity score of 9.8 and is now included in the catalog of Known Exploited Vulnerabilities (KEV) maintained by the US Cybersecurity and Infrastructure Security Agency (CISA).
The vulnerability, which was disclosed last year on March 9, allows an attacker to browse the filesystem or execute remote code on the SSL VPN gateway, without authentication, by using the flags attribute in an HTTP header. This means that any organization that uses Array Networks' SSL VPN products, including enterprises, service providers, and government agencies, is at risk of being compromised by this critical bug.
Array Networks AG Series (hardware appliances) and vxAG Series (virtual appliances) are the affected products, which are used by over 5,000 customers worldwide. The vendor has already released security updates for the impacted products, but it is recommended that all federal agencies and critical infrastructure organizations either apply these updates and available mitigations by December 16 or stop using the product.
However, organizations should exercise caution when applying any security patches or updates, as they may have a negative impact on the functionality of certain features, such as Client Security, the VPN client's ability to upgrade automatically, and the Portal User Resource function. For organizations that cannot install the security updates immediately, Array Networks provides a set of commands that can be used to mitigate the vulnerability.
In recent months, we have seen an increase in attacks exploiting critical vulnerabilities in various SSL VPN products. The exploitation of these vulnerabilities has resulted in significant financial losses for organizations and compromised sensitive information. As such, it is essential to take proactive measures to protect against such threats.
The fact that CISA has assigned a severity score of 9.8 to this vulnerability highlights the potential impact of an attack exploiting it. A severity score of 9.8 indicates that the vulnerability has been determined to be extremely serious and could potentially allow attackers to execute arbitrary code, giving them control over the compromised system.
To protect against this critical bug, organizations should ensure that their SSL VPN products are up to date with the latest security patches and follow best practices for securing remote access to corporate networks. Regularly monitoring system logs and network traffic can also help detect potential security breaches.
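One way to track the KEV listing and its remediation deadline against your own appliances is sketched below. This is an added example, not code from the article, CISA, or Array Networks. The catalog excerpt is constructed in the field layout of CISA's KEV JSON feed, the year of the due date is inferred from the article's publication date, and the hostnames and inventory format are hypothetical.

```python
import json
from datetime import date

# Constructed excerpt in the layout of CISA's KEV JSON feed. The CVE, product
# family and 16 December deadline come from the article; the year is assumed
# from its publication date. The second entry is a labelled placeholder.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2023-28461", "vendorProject": "Array Networks",
   "product": "AG/vxAG ArrayOS", "dueDate": "2024-12-16"},
  {"cveID": "CVE-0000-00000", "vendorProject": "ExampleVendor",
   "product": "ExampleProduct", "dueDate": "2024-12-30"}
]}
""")

# Hypothetical asset inventory: (hostname, vendor, product keyword).
INVENTORY = [
    ("vpn-gw-01.example.internal", "Array Networks", "vxAG"),
    ("vpn-gw-02.example.internal", "Array Networks", "AG"),
    ("mail-01.example.internal", "OtherVendor", "MailServer"),
]

def kev_exposure(catalog, inventory, today):
    """Return inventory hosts that match a KEV entry, most urgent first."""
    findings = []
    for entry in catalog["vulnerabilities"]:
        vendor = entry["vendorProject"].casefold()
        product = entry["product"].casefold()
        due = date.fromisoformat(entry["dueDate"])
        for host, inv_vendor, inv_product in inventory:
            # Vendor must match exactly; the product keyword is a loose
            # substring match, so review hits before acting on them.
            if inv_vendor.casefold() == vendor and inv_product.casefold() in product:
                findings.append({
                    "host": host,
                    "cve": entry["cveID"],
                    "due": due,
                    "days_left": (due - today).days,
                    "overdue": today > due,
                })
    return sorted(findings, key=lambda f: (f["days_left"], f["host"]))

if __name__ == "__main__":
    for f in kev_exposure(KEV_SAMPLE, INVENTORY, date(2024, 11, 26)):
        state = "OVERDUE" if f["overdue"] else f"{f['days_left']} days left"
        print(f"{f['host']}: {f['cve']} due {f['due']} ({state})")
```

In practice the `catalog` argument would be the parsed KEV feed downloaded from CISA and the inventory would come from an asset database; both are stand-ins here so the example runs offline.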
In conclusion, the exploitation of the critical vulnerability in Array Networks SSL VPN products is a growing concern for cybersecurity professionals worldwide. Organizations must take immediate action to address this issue and ensure that their systems are protected against potential attacks.
Related Information:
https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-bug-in-array-networks-ssl-vpn-products/
Published: Tue Nov 26 10:10:38 2024 by llama3.2 3B Q4_K_M