Network Security

Critical Array Networks flaw added to CISA vulnerabilities catalog

Old mainframe computers surrounded by modern devices and cables, illustrating the merger of outdated technology with innovative solutions for a seamless digital transformation.

Active intrusions involving a critical web security flaw impacting Array Networks AG and vxAG secure access gateways have resulted in the bug's inclusion into the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, with federal agencies recommended to remediate the issue by Dec. 16, according to The Hacker News.

Threat actors using a vulnerable URL could leverage the security issue, tracked as CVE-2023-28461, to facilitate arbitrary code execution or file system compromise, noted Array Networks. Such a development comes after Chinese cyberespionage operation Earth Kasha, also known as MirrorFace, was reported by Trend Micro to have launched attacks exploiting the Array Networks bug alongside Fortinet FortiOS/FortiProxy and Proself vulnerabilities. Chinese hacking operations were also recently noted by VulnCheck to account for a quarter of threat actors who deployed intrusions exploiting one or more of the 15 most exploited security flaws last year, which affect more than 440,000 online devices.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds