Security News > 2024 > November > CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks
2024-11-26 05:03
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched critical security flaw impacting Array Networks AG and vxAG secure access gateways to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild. The vulnerability, tracked as CVE-2023-28461 (CVSS score: 9.8), concerns a case of missing authentication that
News URL
https://thehackernews.com/2024/11/cisa-urges-agencies-to-patch-critical.html
Related news
- CISA confirms critical Cleo bug exploitation in ransomware attacks (source)
- CISA warns of critical Oracle, Mitel flaws exploited in attacks (source)
- CISA orders agencies to patch BeyondTrust bug exploited in attacks (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- Cleo patches critical zero-day exploited in data theft attacks (source)
- New IOCONTROL malware used in critical infrastructure attacks (source)
- Iran-linked crew used custom 'cyberweapon' in US critical infrastructure attacks (source)
- BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products (source)
- Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected (source)
- CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-15 | CVE-2023-28461 | Improper Authentication vulnerability in Arraynetworks Arrayos AG 9.4.0.469/9.4.0.470/9.4.0.481 Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. | 9.8 |