Critical Vulnerability in Array Networks Exploited by Cyber Espionage Group

Need some ammo against Fortinet? This article is for you! Learn about the importance of patch management and how Check Point can help protect against such vulnerabilities.


CISA has added a critical vulnerability affecting Array Networks AG and vxAG secure access gateways to its Known Exploited Vulnerabilities catalog due to active exploitation in the wild. The flaw is a missing authentication check: a request to a vulnerable URL lets an unauthenticated remote attacker execute code on the gateway. The Chinese cyber espionage group Earth Kasha has been exploiting this vulnerability, alongside others in Proself and Fortinet products, primarily targeting Japanese and other international entities. The vulnerability has now been patched, and agencies are urged to update their systems promptly.


Key Facts

Risks:

Patch Management, Web App/Website Vulnerability, Other: Remote Code Execution

Keywords:

Array Networks, Earth Kasha, CVE-2023-28461, Remote Code Execution, Fortinet, Cyber Espionage

CVE:

CVE-2023-28461; CVE-2023-45727; CVE-2023-27997

Affected:

Array Networks, Array AG, vxAG, Proself, Fortinet FortiOS, Fortinet FortiProxy


Article Body

CISA Alerts Agencies to Critical Vulnerability in Array Networks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified a critical vulnerability in Array Networks AG and vxAG secure access gateways. This vulnerability, now patched, has been actively exploited, prompting CISA to add it to its Known Exploited Vulnerabilities (KEV) catalog.

Details of the Vulnerability

The vulnerability, identified as CVE-2023-28461, is a significant security flaw due to missing authentication checks. With a CVSS score of 9.8, this issue allows attackers to execute arbitrary code remotely. Specifically, the vulnerability can be exploited through a vulnerable URL, enabling attackers to access the filesystem or execute code on the SSL VPN gateway without needing authentication.

Exploitation by Cyber Espionage Group

A cyber espionage group linked to China, known as Earth Kasha or MirrorFace, has been exploiting this vulnerability. This group has a history of targeting public-facing enterprise products to gain initial access. Alongside the Array Networks flaw, it has exploited vulnerabilities in Proself (CVE-2023-45727) and Fortinet FortiOS/FortiProxy (CVE-2023-27997).

Targeted Entities

Earth Kasha is primarily known for targeting Japanese entities. However, their reach extends to Taiwan, India, and Europe. Recently, they targeted a European Union diplomatic entity, leveraging the upcoming World Expo 2025 in Osaka, Japan, as a lure to deploy a backdoor known as ANEL.

Importance of Patch Management

Given the active exploitation and severe impact of this vulnerability, it is crucial for organizations to implement timely patch management practices. Agencies are strongly advised to apply the available patches to safeguard their systems against potential attacks; because the flaw requires no authentication, any unpatched gateway reachable from the internet is exposed.


Read More

https://thehackernews.com/2024/11/cisa-urges-agencies-to-patch-critical.html?m=1