← ExploitWatch
HomeExploited Vulnerabilities

CVE-2023-28461 — Actively Exploited: AG/vxAG ArrayOS (Array Networks)

Array Networks AG and vxAG ArrayOS contain a missing authentication for critical function vulnerability that allows an attacker to read local files and execute code on the SSL VPN gateway.

CVE IDCVE-2023-28461
VendorArray Networks
ProductAG/vxAG ArrayOS
Vulnerability nameArray Networks AG and vxAG ArrayOS Missing Authentication for Critical Function Vulnerability
Date added2024-11-25
Remediation due2024-12-16
Known ransomware useKnown
Required actionApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
DescriptionArray Networks AG and vxAG ArrayOS contain a missing authentication for critical function vulnerability that allows an attacker to read local files and execute code on the SSL VPN gateway.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →