A severe security flaw in Array Networks’ AG and vxAG secure access gateways has been identified and added to CISA’s Known Exploited Vulnerabilities catalog. The vulnerability (CVE-2023-28461), carrying a critical CVSS score of 9.8, enables unauthorized remote code execution through SSL VPN gateways.
The Chinese threat group “Earth Kasha” (MirrorFace) is actively exploiting this vulnerability, targeting organizations primarily in Japan, with recent expansions into Taiwan, India, and Europe. The group’s arsenal includes exploits for multiple enterprise products, including Array AG, Proself, and Fortinet FortiOS/FortiProxy systems.
A patch addressing this vulnerability was released in March 2023 (version 9.4.0.484). Federal agencies must apply it by December 16, 2024. According to VulnCheck, over 440,000 internet-exposed hosts remain potentially vulnerable, with 15 Chinese hacking groups actively exploiting similar vulnerabilities.
Organizations are advised to:
– Immediately assess their exposure to affected technologies
– Enhance risk visibility
– Implement robust patch management
– Reduce internet-facing device exposure
This security threat underscores the critical importance of timely patch implementation and continuous security monitoring in protecting organizational assets against sophisticated cyber threats.