CISA Urges Agencies to Patch Critical

Nov 26, 2024 | Ravie Lakshmanan | Vulnerability / Network Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched critical security flaw impacting Array Networks AG and vxAG secure access gateways to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild.

The vulnerability, tracked as CVE-2023-28461 (CVSS score: 9.8), concerns a case of missing authentication that could be exploited to achieve arbitrary code execution remotely. Fixes (version 9.4.0.484) for the security shortcoming were released by the network hardware vendor in March 2023.


“Array AG/vxAG remote code execution vulnerability is a web security vulnerability that allows an attacker to browse the filesystem or execute remote code on the SSL VPN gateway using flags attribute in HTTP header without authentication,” Array Networks said. “The product can be exploited through a vulnerable URL.”

The inclusion in the KEV catalog comes shortly after cybersecurity company Trend Micro revealed that a China-linked cyber espionage group dubbed Earth Kasha (aka MirrorFace) has been exploiting security flaws in public-facing enterprise products, such as Array AG (CVE-2023-28461), Proself (CVE-2023-45727), and Fortinet FortiOS/FortiProxy (CVE-2023-27997), for initial access.

Earth Kasha is known for its extensive targeting of Japanese entities, although, recently, it has also been observed attacking Taiwan, India, and Europe.

Earlier this month, ESET also disclosed an Earth Kasha campaign that targeted an unnamed diplomatic entity in the European Union to deliver a backdoor known as ANEL by using the upcoming World Expo 2025, scheduled to take place in Osaka, Japan, starting April 2025, as a lure.

In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are recommended to apply the patches by December 16, 2024, to secure their networks.


The disclosure comes as 15 different Chinese hacking groups out of a total of 60 named threat actors have been linked to the abuse of at least one of the top 15 routinely exploited vulnerabilities in 2023, according to VulnCheck.

The cybersecurity company said it has identified over 440,000 internet-exposed hosts that are potentially susceptible to attacks.

“Organizations should evaluate their exposure to these technologies, enhance visibility into potential risks, leverage robust threat intelligence, maintain strong patch management practices, and implement mitigating controls, such as minimizing internet-facing exposure of these devices wherever possible,” VulnCheck’s Patrick Garrity said.
