6 matches found
PT-2024-22445 · Undefined · Undefined
CISA adds Array Networks CVE-2023-28461 to its KEV Catalog CISAKEV ArrayNetworks CVE-2024-28461 https://t.co/VGDdBgd86q...
CVE-2023-28461
creationtimestamp| type| source ---|---|--- 2024-11-20 04:47:00+00:00| seen| https://infosec.exchange/users/edwardk/statuses/113513465135891182 2024-11-25 15:59:35+00:00| seen| https://infosec.exchange/users/screaminggoat/statuses/113544421331313601 2024-11-25 16:25:12+00:00| seen|...
VulnCheck KEV: CVE-2023-28461
Array Networks AG and vxAG ArrayOS contain a missing authentication for critical function vulnerability that allows an attacker to read local files and execute code on the SSL VPN gateway...
CVE-2023-28461
Array Networks Array AG Series and vxAG 9.4.0.481 and earlier allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09...
CVE-2023-28461
Array Networks Array AG Series and vxAG 9.4.0.481 and earlier allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09...
CVE-2023-28461
CVE-2023-28461 affects Array Networks ArrayOS Array AG Series and vxAG (≤ 9.4.0.481). The vulnerability allows unauthenticated remote code execution by exploiting a flag in an HTTP header to browse the device filesystem and reach a vulnerable URL. PTSecurity notes evidence of active exploitation;...