Headline
CVE-2023-28461
Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated “a new Array AG release with the fix will be available soon.”
%PDF-1.7 4 0 obj << /BitsPerComponent 8 /ColorSpace /DeviceGray /Filter /FlateDecode /Height 970 /Length 44247 /Subtype /Image /Type /XObject /Width 3249 >> stream x���q��:��H�$ ���$T���J@� ����ݥt�ff������s�,�͓L&����J]�*��E�5���P����Wb�*_�+����B`P��#�@�C$��Qs����F�!X�h��H`P�� ,j4��B`P�n�5��b$��Q#�@���˼��4� ,j4��B`PPs����F�!XԨ��H`P�� ,j��c$��Q�� ����-&����d}?�Q��4� ,j4ky���O�Q�%�H`P�ģ" ,ܝ�y%��,�<���H`P���� ,��<*����� ,j4��H�!3��6��]#�@��!X�h����BM#�@��{$��S��Wb@�@�,�E`P-�j��KUz������Z�"���^`�P�XbUg�Zu�"���b`�ФX��,�E`P-��r�I1�t4XT�D`P����V�������Z�"���b`�4XTkG`P-�j)�6�&�jXTK1�hR,]M=�@�,��X�4)�>�&�j]��-��N/���,�E`P-����H3�����,��4K@�@�����@�b`�h"���b`�ФXbM=�@�4K@�f`i("���Y1�(�K@�@�4�%��V1��XTK3��K����Z������"���M1�(�G�PE`P��b`�P�)������Z’���ɑT��R ,�zTG�PE`P-���ɑTXT�W,��4'G�F���T�^��r�־=tݥ�5��������N��;cu����4����C�ۺ��݇u"�lVӞ.����۵;��Z��’Xkj����<���U���ؚ��r��kõ[��]5��ڝ��VA�~�e���99���p� s�S��a��P����z,q?W�Т�a99�����,6B�47dX��V��ZyU���a��]GZA�ʗW�w���~�#틑�܄کu�ɑn�K�����X5�pr$���D)r��T���G��H��C"W��
Related news
Japanese organizations are the target of a Chinese nation-state threat actor that leverages malware families like LODEINFO and NOOPDOOR to harvest sensitive information from compromised hosts while stealthily remaining under the radar in some cases for a time period ranging from two to three years. Israeli cybersecurity company Cybereason is tracking the campaign under the name Cuckoo Spear,