November 26, 2024 at 12:48AM
The U.S. CISA added a critical vulnerability (CVE-2023-28461) affecting Array Networks AG to its KEV catalog due to active exploitation. The flaw allows remote code execution without authentication. Agencies are urged to apply patches by December 16, 2024, as the China-linked group Earth Kasha exploits similar vulnerabilities.
### Meeting Takeaways – November 26, 2024
**Subject**: Vulnerability / Network Security
1. **CISA Update**:
   - The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability (CVE-2023-28461) concerning Array Networks AG and vxAG secure access gateways to its Known Exploited Vulnerabilities (KEV) catalog. This follows reports of active exploitation.
2. **Vulnerability Details**:
   - **Description**: Missing authentication allows for arbitrary remote code execution.
   - **CVSS Score**: 9.8 (critical).
   - **Patch Release**: Fixes (version 9.4.0.484) were issued in March 2023.
3. **Exploitation**:
   - Attackers can exploit the vulnerability through a specific HTTP header attribute, enabling them to browse the filesystem or execute commands on the SSL VPN gateway.
4. **Threat Actor Activity**:
   - The Chinese cyber espionage group known as Earth Kasha (MirrorFace) is exploiting vulnerabilities in public-facing products, including CVE-2023-28461, as part of its campaigns.
   - Earth Kasha has primarily targeted Japanese entities but is also active in Taiwan, India, and Europe.
5. **Recent Campaigns**:
   - ESET reported that Earth Kasha targeted a diplomatic entity in the EU using the upcoming World Expo 2025 as a lure.
6. **Recommendations for FCEB Agencies**:
   - Agencies are advised to apply patches by **December 16, 2024**, to secure their networks against this vulnerability.
7. **Overall Threat Landscape**:
   - 15 Chinese hacking groups are linked to the exploitation of at least one of the top 15 vulnerabilities identified in 2023.
   - Over 440,000 internet-exposed hosts are potentially at risk.
8. **Action Items for Organizations**:
   - Evaluate exposure to affected technologies.
   - Enhance visibility into potential risks.
   - Utilize threat intelligence.
   - Strengthen patch management practices.
   - Implement controls to minimize internet-facing exposure of vulnerable devices.
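One way to act on the "evaluate exposure" and "patch management" items above, written as an added example (not code from the summary, CISA, or Array Networks): it compares each AG/vxAG gateway's running build against the 9.4.0.484 fix level named in the summary and ranks internet-facing stragglers first. The inventory, hostnames, product labels and exposure flags are constructed.

```python
from datetime import date

# Added example (not from the summary): flag Array Networks AG/vxAG gateways
# that still run a build older than the CVE-2023-28461 fix level.
CVE_ID = "CVE-2023-28461"
FIXED_VERSION = "9.4.0.484"        # fix level named in the summary
KEV_DUE_DATE = date(2024, 12, 16)  # CISA KEV remediation deadline

# Constructed inventory: (hostname, product, running version, internet-facing?)
INVENTORY = [
    ("vpn-hq-01", "AG", "9.4.0.469", True),
    ("vpn-hq-02", "AG", "9.4.0.484", True),
    ("vxag-lab-01", "vxAG", "9.3.0.238", False),
    ("vxag-dc-01", "vxAG", "9.4.0.500", True),
    ("fw-edge-01", "Other", "7.1.2", True),  # not an affected product
]

def parse_version(v: str) -> tuple:
    """'9.4.0.484' -> (9, 4, 0, 484): compare numerically, not as strings,
    so that '9.4.0.500' ranks above '9.4.0.484'."""
    return tuple(int(p) for p in v.split("."))

def is_vulnerable(product: str, version: str) -> bool:
    """True for an AG/vxAG gateway running a build below the fixed version."""
    if product not in ("AG", "vxAG"):
        return False
    return parse_version(version) < parse_version(FIXED_VERSION)

def assess(inventory, today: date):
    """One finding per unpatched gateway; internet-facing ones are 'critical'
    and 'overdue' records whether the KEV deadline has already passed."""
    findings = []
    for host, product, version, exposed in inventory:
        if is_vulnerable(product, version):
            findings.append({
                "host": host, "cve": CVE_ID,
                "running": version, "required": FIXED_VERSION,
                "priority": "critical" if exposed else "high",
                "overdue": today > KEV_DUE_DATE,
            })
    return findings

if __name__ == "__main__":
    for f in assess(INVENTORY, date.today()):
        print(f"{f['host']}: {f['running']} < {f['required']} "
              f"[{f['priority']}, overdue={f['overdue']}]")
```

Feed it a real inventory export in the same tuple shape; anything reported as "critical" is an unpatched gateway reachable from the internet and should be patched or taken off the edge first.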