26 November 2024

RCE bug in Array Networks SSL VPN products exploited in the wild


The US Cybersecurity and Infrastructure Security Agency (CISA) has added a high-risk vulnerability in Array Networks SSL VPN products to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, tracked as CVE-2023-28461, allows remote arbitrary code execution due to missing authentication mechanisms.

Array Networks disclosed and patched the vulnerability in March 2023 with the release of version 9.4.0.484. The vulnerability affects both the AG Series (hardware appliances) and vxAG Series (virtual appliances).

Recent analysis by Trend Micro has revealed that the vulnerability has been exploited by a threat actor group known as Earth Kasha. The group has targeted advanced technology organizations and government agencies in Japan, Taiwan, and India. CVE-2023-28461 is being combined with other vulnerabilities, such as Proself's flaw CVE-2023-45727 and Fortinet's FortiOS/FortiProxy vulnerability CVE-2023-27997, for initial access.

After gaining access, Earth Kasha reportedly deploys backdoors including Cobalt Strike, LodeInfo, and NoopDoor to establish persistence and conduct further malicious activities.
