Lucene search
K

8 matches found

The Hacker News
The Hacker News
added 2025/12/05 5:40 a.m.5 views

JPCERT Confirms Active Command Injection Attacks on Array AG Gateways

A command injection vulnerability in Array Networks AG Series secure access gateways has been exploited in the wild since August 2025, according to an alert issued by JPCERT/CC this week. The vulnerability, which does not have a CVE identifier, was addressed by the company on May 11, 2025. It's...

9.8CVSS10AI score0.67645EPSS
Exploits0
Prion
Prion
added 2023/03/15 11:15 p.m.21 views

Remote code execution

Array Networks Array AG Series and vxAG 9.4.0.481 and earlier allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09...

7.5CVSS9.5AI score0.67645EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/03/15 12:0 a.m.5 views

PT-2023-21734

Name of the Vulnerable Software and Affected Versions Array Networks Array AG Series and vxAG versions 9.4.0.481 and earlier Description A critical security flaw allows remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header...

9.8CVSS7.7AI score0.67645EPSS
Exploits0References60
ATTACKERKB
ATTACKERKB
added 2023/03/15 12:0 a.m.11 views

CVE-2023-28461

Array Networks Array AG Series and vxAG 9.4.0.481 and earlier allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09...

9.8CVSS7.7AI score0.67645EPSS
In wildExploits0References2
Vulnrichment
Vulnrichment
added 2023/03/15 12:0 a.m.13 views

CVE-2023-28461

Array Networks Array AG Series and vxAG 9.4.0.481 and earlier allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09...

7.7AI score0.67645EPSS
Exploits0References1
CVE
CVE
added 2023/03/15 12:0 a.m.247 views

CVE-2023-28461

CVE-2023-28461 affects Array Networks ArrayOS Array AG Series and vxAG (≤ 9.4.0.481). The vulnerability allows unauthenticated remote code execution by exploiting a flag in an HTTP header to browse the device filesystem and reach a vulnerable URL. PTSecurity notes evidence of active exploitation;...

9.8CVSS9.6AI score0.67645EPSS
In wildExploits0References2Affected Software1
NVD
NVD
added 2023/02/03 2:15 a.m.13 views

CVE-2023-24613

The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit could leverage this vulnerability in the backend...

4.9CVSS5AI score0.00787EPSS
Exploits0References1
CVE
CVE
added 2023/02/03 12:0 a.m.65 views

CVE-2023-24613

CVE-2023-24613 affects Array Networks AG Series and vxAG UI (v9.4.0.470). A remote attacker with administrator access could use gdb to overwrite the backend function call stack in the UI handling binary, enabling a denial-of-service condition. The issue is resolved in AG 9.4.0.481. Affected versi...

4.9CVSS5AI score0.00787EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder