CVE-2023-28461: Array Networks AG and vxAG ArrayOS Missing Authentication
Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Function Vulnerability. Array Networks AG and vxAG ArrayOS contain a missing authentication for critical function vulnerability that allows an attacker to read local files and execute code on the SSL VPN gateway.
- CISA KEV-listed (remediation due 2024-12-16)
- used in ransomware campaigns
- EPSS 89.3% (99.6% percentile)