CISA urges agencies to address a critical “Array Networks” flaw amidst ongoing attacks


A now-patched critical security flaw affecting Array Networks AG and vxAG secure access gateways was added to the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog on Monday in response to indications of active exploitation in the wild.

The vulnerability, tracked as CVE-2023-28461 (CVSS score: 9.8), is a case of missing authentication that could be exploited to execute arbitrary code remotely. The network hardware vendor published fixes (version 9.4.0.484) for the security flaw in March 2023.

“Array AG/vxAG remote code execution vulnerability is a web security vulnerability that allows an attacker to browse the filesystem or execute remote code on the SSL VPN gateway using flags attribute in HTTP header without authentication,” Array Networks said. “The product can be exploited through a vulnerable URL.”

The addition to the KEV catalog comes shortly after cybersecurity firm Trend Micro disclosed that a China-affiliated cyber espionage group called Earth Kasha (also known as MirrorFace) has been exploiting security flaws in public-facing enterprise products such as Array AG (CVE-2023-28461), Proself (CVE-2023-45727), and Fortinet FortiOS/FortiProxy (CVE-2023-27997) to gain initial access.

Though it has also been seen hitting Taiwan, India, and Europe in recent years, Earth Kasha is most recognized for its widespread targeting of Japanese companies.

Earlier this month, ESET also revealed an Earth Kasha campaign that used the impending World Expo 2025 in Osaka, Japan, which is set to begin in April 2025, as a lure to deliver a backdoor known as ANEL to an unidentified diplomatic organization in the European Union.

Federal Civilian Executive Branch (FCEB) entities are advised to implement the fixes by December 16, 2024, in order to safeguard their networks due to active exploitation.

The revelation comes as VulnCheck reports that 15 distinct Chinese hacking groups, out of 60 recognized threat actors, have been connected to the misuse of at least one of the top 15 frequently exploited vulnerabilities in 2023.

The cybersecurity firm said it has discovered more than 440,000 internet-exposed hosts that might be attacked.

“Organizations should evaluate their exposure to these technologies, enhance visibility into potential risks, leverage robust threat intelligence, maintain strong patch management practices, and implement mitigating controls, such as minimizing internet-facing exposure of these devices wherever possible,” VulnCheck’s Patrick Garrity said.
