#DOYOUKNOWCVE CISA Alert: CVE-2023-28461 CVE-2023-28461 has been identified as a critical vulnerability impacting Array Networks AG and vxAG secure access gateways. This vulnerability allows attackers to browse the filesystem or execute remote code without authentication, exploiting a flaw in the SSL VPN gateway's HTTP header processing. It has been actively exploited in the wild and is linked to the LODEINFO malware and Advanced Persistent Threat group APT10. 𝗔𝗳𝗳𝗲𝗰𝘁𝗲𝗱 𝗣𝗿𝗼𝗱𝘂𝗰𝘁𝘀: 𝗔𝗿𝗿𝗮𝘆𝗢𝗦 𝗼𝗻 𝗔𝗿𝗿𝗮𝘆 𝗡𝗲𝘁𝘄𝗼𝗿𝗸𝘀 𝗔𝗚 𝗮𝗻𝗱 𝘃𝘅𝗔𝗚 𝗱𝗲𝘃𝗶𝗰𝗲𝘀 𝗥𝗲𝗰𝗼𝗺𝗺𝗲𝗻𝗱𝗲𝗱 𝗦𝘁𝗲𝗽𝘀: 𝗜𝗱𝗲𝗻𝘁𝗶𝗳𝘆 𝗔𝗳𝗳𝗲𝗰𝘁𝗲𝗱 𝗦𝘆𝘀𝘁𝗲𝗺𝘀: Determine if your systems are running vulnerable ArrayOS versions. 𝗔𝗽𝗽𝗹𝘆 𝗣𝗮𝘁𝗰𝗵𝗲𝘀: Update to the latest, patched version of ArrayOS immediately. 𝗦𝘁𝗿𝗲𝗻𝗴𝘁𝗵𝗲𝗻 𝗔𝗰𝗰𝗲𝘀𝘀 𝗖𝗼𝗻𝘁𝗿𝗼𝗹𝘀: Enhance authentication mechanisms to mitigate risk. 𝗠𝗼𝗻𝗶𝘁𝗼𝗿 𝗦𝘆𝘀𝘁𝗲𝗺𝘀: Regularly audit for suspicious activity or signs of exploitation. Act Now to safeguard your infrastructure from potential exploitation. Proactive security measures are crucial to staying ahead of attackers! For more information, log in to LOVI: vi.loginsoft.com/cve/CVE-202… #Cybersecurity #CVE2023_28461 #SecurityPatch #ITSecurity #Threat #APT #Exploit #Wild #CISAKEV #ArrayNetworksAG #ArrayvxAGdevices