CISA Warns Agencies to Fix Critical Array Networks Flaw

Critical Security Flaw in Array Networks AG and vxAG Gateways: CISA Adds to Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw affecting Array Networks AG and vxAG secure access gateways to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. The vulnerability, tracked as CVE-2023-28461, carries a CVSS score of 9.8. It stems from missing authentication and could allow remote attackers to execute arbitrary code.

In March 2023, Array Networks released patches (version 9.4.0.484) to address this serious security shortcoming. According to Array Networks, "The Array AG/vxAG remote code execution vulnerability is a web security vulnerability that allows an attacker to browse the filesystem or execute remote code on the SSL VPN gateway using flags attribute in HTTP header without authentication." This flaw can be exploited through a vulnerable URL, highlighting the urgency for organizations to act.

Understanding the Threat Landscape

The inclusion of CVE-2023-28461 in the KEV catalog comes shortly after cybersecurity firm Trend Micro reported that a China-linked cyber espionage group, known as Earth Kasha (also referred to as MirrorFace), is exploiting security vulnerabilities in public-facing enterprise products. These products include not only Array AG but also Proself (CVE-2023-45727) and Fortinet FortiOS/FortiProxy (CVE-2023-27997).

  • Key Insights on Earth Kasha:
    • Primarily targets Japanese entities.
    • Recently expanded its attacks to Taiwan, India, and Europe.
    • Previously linked to campaigns aimed at diplomatic entities within the European Union.

Earlier this month, ESET revealed an Earth Kasha campaign that targeted an unnamed diplomatic entity in the EU, using the upcoming World Expo 2025 in Osaka, Japan, as bait to deliver a backdoor known as ANEL.

Recommendations for Federal Agencies

In light of the ongoing exploitation of these vulnerabilities, CISA advises Federal Civilian Executive Branch (FCEB) agencies to apply the necessary patches by December 16, 2024. This proactive measure is essential for securing their networks against potential threats.
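One way to act on this deadline, as an added example (not code from CISA or Array Networks): check an asset inventory against the fixed build and due date given above. The inventory, hostnames and field names are constructed, and treating any build numerically below 9.4.0.484 as unpatched is an assumption.

```python
from datetime import date

# Values taken from the article.
CVE_ID = "CVE-2023-28461"
FIXED_BUILD = "9.4.0.484"          # patched release named by Array Networks
KEV_DUE_DATE = date(2024, 12, 16)  # CISA deadline for FCEB agencies

# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = [
    {"host": "vpn-gw-01.example.internal", "product": "Array AG", "version": "9.4.0.481", "internet_facing": True},
    {"host": "vpn-gw-02.example.internal", "product": "Array vxAG", "version": "9.4.0.484", "internet_facing": True},
    {"host": "vpn-lab-01.example.internal", "product": "Array AG", "version": "9.4.0.5", "internet_facing": False},
    {"host": "vpn-gw-03.example.internal", "product": "Array AG", "version": "unknown", "internet_facing": True},
]

def parse_build(version):
    """Turn '9.4.0.484' into (9, 4, 0, 484); return None if not purely numeric."""
    parts = version.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(inventory, today):
    """Return a finding for each asset not confirmed at or above the fixed build."""
    fixed = parse_build(FIXED_BUILD)
    findings = []
    for asset in inventory:
        build = parse_build(asset["version"])
        # Compare numerically: as strings, "9.4.0.5" would sort above "9.4.0.484".
        if build is not None and build >= fixed:
            continue  # confirmed patched
        findings.append({
            "host": asset["host"],
            "cve": CVE_ID,
            # An unparseable version is never assumed safe.
            "status": "unverified" if build is None else "unpatched",
            "overdue": today > KEV_DUE_DATE,
            "priority": "high" if asset["internet_facing"] else "medium",
        })
    # Internet-facing gateways first; the sort is stable within each priority.
    return sorted(findings, key=lambda f: f["priority"] != "high")

if __name__ == "__main__":
    for finding in triage(INVENTORY, date.today()):
        print(finding)
```

Assets whose version cannot be parsed are reported as unverified rather than skipped, so a gap in the inventory data shows up as work to do.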

Wider Implications: The Rise of Chinese Hacking Groups

Recent data from VulnCheck indicates that 15 Chinese hacking groups have been linked to the exploitation of at least one of the top 15 routinely exploited vulnerabilities in 2023. The cybersecurity firm has identified over 440,000 internet-exposed hosts that are potentially vulnerable to attacks.

  • Best Practices for Organizations:
    • Evaluate exposure to vulnerable technologies.
    • Enhance visibility into potential risks.
    • Leverage robust threat intelligence.
    • Maintain strong patch management practices.
    • Minimize internet-facing exposure of devices.

As Patrick Garrity from VulnCheck emphasizes, organizations need to be vigilant and proactive to safeguard their networks against these emerging threats.

Stay Informed and Secure

As cybersecurity threats continue to evolve, it’s crucial for organizations to stay informed about vulnerabilities like CVE-2023-28461.
