CISA: CISA Adds One Known Exploited Vulnerability to Catalog
Hot off the press! CVE-2023-28461 (9.8 critical) Array Networks AG and vxAG ArrayOS Improper Authentication vulnerability

#CVE_2023_28461 #arraynetworks #arrayos #cisa #kev #cisakev #knownexploitedvulnerabilitiescatalog #vulnerability #eitw #activeexploitation #infosec #cybersecurity

Just a note that CVE-2023-28461 (9.8 critical) Array Networks AG and vxAG ArrayOS Improper Authentication vulnerability, added 25 November 2024 to the KEV Catalog, is known to be used in ransomware campaigns, according to CISA.

EDIT: NEW! Fancy red triangle 🔺when known to be used in ransomware campaigns.

EDIT2: Known to be exploited by the Chinese state actor "Earth Kasha" which may be related to APT10. www.trendmicro.com/...

#CVE_2023_28461 #arraynetworks #ransomware #threatintel #vulnerability #infosec #cve #eitw #activeexploitation #KnownExploitedVulnerabilitiesCatalog #kev #cisa

@screaminggoat
The CVE entry, written last week by MITRE, currently states: "a new Array AG release with the fix will be available soon."

The fix was released over 1.5 years ago.

A job done!