CISA Identifies Critical Vulnerability in Array Networks Gateways

CISA warns of critical vulnerability in Array Networks AG and vxAG gateways. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw, tracked as CVE-2023-28461, to its Known Exploited Vulnerabilities catalog due to reports of active exploitation. This vulnerability, which has a CVSS score of 9.8, allows for remote code execution due to missing authentication. Array Networks released a patch in March 2023, and federal agencies are advised to apply it by December 16, 2024. The vulnerability has been exploited by the China-linked cyber espionage group Earth Kasha, which has targeted various international entities. Cybersecurity experts recommend organizations enhance their risk visibility and maintain strong patch management practices to mitigate potential threats.