Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with the fix will be available soon."
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-03-15T00:00:00
Updated: 2023-03-15T00:00:00
Reserved: 2023-03-15T00:00:00
Link: CVE-2023-28461
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-03-15T23:15:10.070
Modified: 2023-03-24T14:57:23.997
Link: CVE-2023-28461
JSON object: View
Redhat Information
No data.
CWE