Chinese Hackers Exploiting Critical Vulnerability in Array Networks Gateways

November 26, 2024 at 07:22AM

CISA has warned about a critical vulnerability (CVE-2023-28461) in Array Networks’ secure access gateways that allows remote code execution without authentication. The flaw has been exploited by the group Earth Kasha, so patching is crucial; federal agencies must address it by December 16. Organizations should review CISA’s KEV list and apply fixes promptly.

### Meeting Takeaways:

1. **Vulnerability Announcement**:
   - CISA has issued a warning regarding the exploitation of a critical vulnerability (CVE-2023-28461) in Array Networks’ secure access gateway products, specifically Array AG and vxAG.

2. **Vulnerability Details**:
   - Severity: Critical (CVSS Score: 9.8).
   - Type: Remote Code Execution (RCE) flaw.
   - Impact: Allows unauthorized filesystem browsing and remote code execution on the SSL VPN gateway via HTTP header attributes.

3. **Affected Products**:
   - Vulnerable versions are identified in ArrayOS AG 9.x.
   - Patches were released in ArrayOS AG version 9.4.0.484.

4. **Current Threat Landscape**:
   - Threat actor Earth Kasha (also known as MirrorFace) exploited this vulnerability alongside other flaws (CVE-2023-45727 and CVE-2023-27997), targeting technology organizations and government agencies in Japan, Taiwan, and India.

5. **Action Items for Organizations**:
   - CISA added CVE-2023-28461 to the Known Exploited Vulnerabilities (KEV) catalog.
   - Federal agencies must identify and patch vulnerable instances before December 16, 2023, as per Binding Operational Directive (BOD) 22-01.
   - All organizations are encouraged to review the KEV list and apply necessary remediations promptly.

6. **Security Recommendations**:
   - Ensure patches for ArrayOS AG are applied.
   - Monitor for signs of exploitation and deploy appropriate security measures to prevent or mitigate attacks.

7. **Related Incidents**:
   - Earth Kasha’s attack also involved deploying backdoors such as Cobalt Strike, LodeInfo, and NoopDoor after initial access through the Array vulnerability.
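Items 5 and 6 above amount to a small triage procedure: confirm the CVE is in the KEV catalog, note its due date, and find every ArrayOS AG host still running a build older than the fixed release. The following script is an added example (not from the article, CISA, or Array Networks) that does exactly that. The KEV records and the host inventory are constructed sample data that mirror the field names of CISA's public KEV JSON feed (`cveID`, `vendorProject`, `product`, `dueDate`); the hostnames are hypothetical, and the `dueDate` is the deadline as the article states it. The fixed version `9.4.0.484` comes from the article.

```python
"""Patch-triage helper for CVE-2023-28461 (added example, not vendor code).

Flags ArrayOS AG 9.x hosts whose build is older than the fixed release and
cross-checks the CVE against a KEV-style catalog to recover the due date.
"""
import json
import re
from datetime import date

# Fixed build named in the advisory.
FIXED_VERSION = "9.4.0.484"

# Constructed sample in the shape of CISA's KEV JSON feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# Only cveID, product and dueDate are consulted; dueDate is the article's stated deadline.
KEV_SAMPLE = json.dumps({
    "vulnerabilities": [
        {"cveID": "CVE-2023-28461", "vendorProject": "Array Networks",
         "product": "AG and vxAG", "dueDate": "2023-12-16"},
        {"cveID": "CVE-0000-00000", "vendorProject": "ExampleVendor",
         "product": "ExampleProduct", "dueDate": "2023-12-31"},
    ]
})

# Constructed asset inventory (hypothetical hostnames -> reported ArrayOS AG build).
INVENTORY = {
    "vpn-gw-01.example.test": "9.4.0.481",
    "vpn-gw-02.example.test": "9.4.0.484",
    "vpn-gw-03.example.test": "9.4.1.12",
    "vpn-gw-04.example.test": "8.9.0.1",
}


def parse_version(version):
    """Split a dotted build string into an integer tuple.

    Integer comparison is essential: as plain strings, "9.4.1.12" sorts
    *before* "9.4.0.484" and a patched host would be reported as vulnerable.
    """
    parts = re.findall(r"\d+", version)
    if not parts:
        raise ValueError(f"unparseable version string: {version!r}")
    return tuple(int(p) for p in parts)


def host_status(version, fixed=FIXED_VERSION):
    """Classify one host: 'vulnerable', 'patched', or 'unknown-branch'.

    The advisory only names the 9.x branch, so a build on another major
    version is reported as unknown rather than silently marked safe.
    """
    parsed = parse_version(version)
    if parsed[0] != 9:
        return "unknown-branch"
    return "vulnerable" if parsed < parse_version(fixed) else "patched"


def kev_entry(kev_json, cve_id):
    """Return the KEV record for cve_id, or None if it is not in the catalog."""
    catalog = json.loads(kev_json)
    for entry in catalog.get("vulnerabilities", []):
        if entry.get("cveID") == cve_id:
            return entry
    return None


def triage(inventory, kev_json, cve_id="CVE-2023-28461", today=None):
    """Build a remediation report: KEV due date, overdue flag, per-host status.

    `today` is an ISO date string (defaults to the current date) so the
    overdue check is reproducible in tests.
    """
    entry = kev_entry(kev_json, cve_id)
    if entry is None:
        raise LookupError(f"{cve_id} is not in the supplied KEV catalog")
    due = date.fromisoformat(entry["dueDate"])
    now = date.fromisoformat(today) if today else date.today()
    hosts = {host: host_status(ver) for host, ver in inventory.items()}
    return {
        "cve": cve_id,
        "product": entry.get("product"),
        "due_date": due.isoformat(),
        "overdue": now > due,
        "hosts": hosts,
        "needs_patch": sorted(h for h, s in hosts.items() if s == "vulnerable"),
        "needs_review": sorted(h for h, s in hosts.items() if s == "unknown-branch"),
    }


if __name__ == "__main__":
    print(json.dumps(triage(INVENTORY, KEV_SAMPLE), indent=2))
```

In practice the `KEV_SAMPLE` string would be replaced by the downloaded KEV feed and `INVENTORY` by version data pulled from the gateways themselves; the `needs_review` list exists so that builds outside the 9.x branch named in the advisory are escalated to a human rather than assumed safe.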

### Next Steps:
- Schedule a follow-up meeting to discuss the implementation of security patches and measures within our organization.
- Assign team members to ensure compliance with CISA recommendations.