The US Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw affecting Array Networks AG and vxAG Secure Access Gateways to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild.
The vulnerability, tracked as CVE-2023-28461 (CVSS score: 9.8), concerns a missing authentication check that can be abused to execute arbitrary code remotely. The networking equipment vendor released fixes for the flaw (version 9.4.0.484) in March 2023.
“The Array AG/vxAG remote code execution vulnerability is a web security vulnerability that could allow an attacker to browse the file system or execute remote code on an SSL VPN gateway by using the flags attribute in an unauthenticated HTTP header,” Array Networks said. “The product can be exploited via a vulnerable URL.”
The KEV listing came shortly after Trend Micro revealed that a China-linked cyber espionage group called Earth Kasha (aka MirrorFace) is exploiting security flaws in public-facing enterprise products such as Array AG (CVE-2023-28461), Proself (CVE-2023-45727), and Fortinet FortiOS/FortiProxy (CVE-2023-27997) for initial access.
Earth Kasha is known for its extensive targeting of Japanese organizations, although in recent years it has also attacked entities in Taiwan, India and Europe.
Earlier this month, ESET also disclosed an Earth Kasha campaign that targeted an unnamed diplomatic entity in the European Union to deliver a backdoor known as ANEL, using the upcoming World Expo 2025, to be held in Osaka, Japan from April 2025, as a lure.
In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are advised to apply the patches by December 16, 2024 to protect their networks.
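As a practical illustration of what the fixed version (9.4.0.484, above) and the KEV due date (December 16, 2024) mean for patch triage, the following Python script is an added example; it is not code from the article, CISA, Array Networks or any of the vendors named here. The KEV entry is a constructed sample in the shape of a CISA KEV catalog record, the host inventory is constructed, and the script assumes that every ArrayOS build numerically below 9.4.0.484 is affected (a simplification; the vendor advisory is authoritative on which branches are fixed).

```python
"""Triage a constructed host inventory against a KEV-style entry for CVE-2023-28461.

Added example, not code from the article or from CISA/Array Networks. Assumptions:
- ArrayOS versions use a numeric "major.minor.patch.build" scheme;
- every build numerically below the fixed release 9.4.0.484 is affected;
- the KEV record and the inventory below are constructed sample data.
"""
from datetime import date
from typing import Dict, List, Optional, Tuple

FIXED_VERSION = "9.4.0.484"  # fix named in the article; affected = anything below

# Constructed sample in the shape of a CISA KEV catalog entry (NOT the live feed).
KEV_SAMPLE = {
    "vulnerabilities": [
        {
            "cveID": "CVE-2023-28461",
            "vendorProject": "Array Networks",
            "product": "AG/vxAG ArrayOS",
            "dueDate": "2024-12-16",
        }
    ]
}

# Constructed host inventory: (hostname, ArrayOS version, internet-exposed?)
INVENTORY: List[Tuple[str, str, bool]] = [
    ("vpn-gw-01", "9.4.0.481", True),
    ("vpn-gw-02", "9.4.0.484", True),
    ("vpn-lab-03", "9.3.0.200", False),
    ("vpn-gw-04", "9.4.0.500", True),
]


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '9.4.0.484' into (9, 4, 0, 484) so versions compare numerically.

    Shorter strings are zero-padded, so '9.4' compares as (9, 4, 0, 0); a
    plain string comparison would wrongly rank '9.4.0.50' above '9.4.0.484'.
    """
    parts = [int(p) for p in v.strip().split(".")]
    if not parts or len(parts) > 4:
        raise ValueError(f"unexpected version string: {v!r}")
    return tuple(parts + [0] * (4 - len(parts)))


def is_vulnerable(version: str) -> bool:
    """True when the installed version is older than the fixed release."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def kev_due_date(kev: Dict, cve: str) -> Optional[date]:
    """Return the KEV dueDate for a CVE, or None if the CVE is not listed."""
    for entry in kev.get("vulnerabilities", []):
        if entry.get("cveID") == cve:
            return date.fromisoformat(entry["dueDate"])
    return None


def triage(inventory, kev, cve: str = "CVE-2023-28461",
           today: date = date(2024, 11, 26)) -> List[Dict]:
    """List affected hosts, internet-exposed ones first, with days left until the KEV due date."""
    due = kev_due_date(kev, cve)
    findings = []
    for host, version, exposed in inventory:
        if not is_vulnerable(version):
            continue
        findings.append({
            "host": host,
            "version": version,
            "internet_exposed": exposed,
            "days_until_due": (due - today).days if due else None,
        })
    # Exposed gateways are the ones an opportunistic scanner reaches, so they sort first.
    findings.sort(key=lambda f: (not f["internet_exposed"], f["host"]))
    return findings


if __name__ == "__main__":
    for finding in triage(INVENTORY, KEV_SAMPLE):
        print(finding)
```

The numeric tuple comparison is the part worth copying: version strings compared lexically mis-rank builds such as `9.4.0.50` against `9.4.0.484`, which is a common way for an inventory report to miss an unpatched gateway.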
The disclosure comes as VulnCheck reported that 15 different Chinese hacking groups, out of a total of 60 named threat actors, have been linked to the abuse of at least one of the top 15 routinely exploited vulnerabilities of 2023.
The cybersecurity company said it has identified more than 440,000 internet-exposed hosts that may be vulnerable to attacks.
“Organizations must assess the impact of these technologies, improve visibility of potential risks, use robust threat intelligence, maintain robust patch management practices, and implement controls such as minimizing the exposure of these devices to the Internet where possible,” said Patrick Garrity of VulnCheck.