CVE-2023-28461

Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Function Vulnerability

Array Networks AG and vxAG ArrayOS contain a missing authentication for critical function vulnerability that allows an attacker to read local files and execute code on the SSL VPN gateway. Vendor/Product: Array Networks AG/vxAG ArrayOS. Added to CISA KEV 2024-11-25; required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Category: Vulnerability, Known Exploited

Reference: NVD CVE-2023-28461