CVE-2023-28461
Verified 2026-06-22
Array Networks AG/vxAG ArrayOS vulnerability
Array Networks AG and vxAG ArrayOS lack authentication for critical functions, allowing attackers to read local files and execute code on SSL VPN gateways.
Verdict
Today item, not a backlog item.
Missing authentication on critical functions in SSL VPN appliances enables unauthenticated remote code execution and file access. Active exploitation and ransomware deployment observed in the wild.
01 Is it exploitable? — the evidence, ranked above the score
Reported exploitation
27 independent public reports of in-the-wild exploitation are cataloged. Distinct reporting sources (vendor, incident response, government); open them for the underlying claims.
Exploited in the wild
Listed in the CISA Known Exploited Vulnerabilities catalog (added 2024-11-25), flagged for known ransomware use.
Probability (EPSS)
EPSS 0.67645 — modeled likelihood of exploitation activity. EPSS is a daily-changing model output — open the source for today's value.
Severity / affected
Affected: Array Networks, AG/vxAG ArrayOS. Confirm exact fixed builds in the vendor advisory.
Weakness (CWE)
Mapped to CWE-306 Missing Authentication — weakness family: Authentication. CWE assignment from the public NVD record; the weakness class drives how the flaw is exploited.
02 Who’s exploiting it? — attribution turns risk into urgency
Attribution not established
No confirmed (advisory-backed) threat-actor attribution is established for this record. Absence of a named actor is not absence of compromise — see Coverage & confidence.
03 Why it matters — the attack path, told twice: adversary, then board
Narrative 1: Front door — unauthenticated access
Attacker
I identify the SSL VPN gateway as internet-facing and accessible without authentication requirements.
Business
Perimeter security fails to prevent unauthorized access to critical VPN infrastructure.
Narrative 2: Keys to the kingdom — privilege/identity takeover
Attacker
I invoke critical functions on the appliance that lack authentication checks, bypassing intended access controls.
Business
Authentication mechanisms designed to protect sensitive operations are ineffective.
Narrative 3: Lateral reach — past segmentation
Attacker
I read sensitive local files from the system to gather credentials, configuration, or intelligence.
Business
Confidential data stored on the VPN gateway is compromised and exfiltrated.
Narrative 4: Data at risk — exfiltration
Attacker
I execute arbitrary code with the privileges of the VPN appliance process.
Business
The gateway is fully compromised and becomes a pivot point into the internal network.
Narrative 5: Lights out — disruption & extortion
Attacker
I deploy ransomware or establish persistence to encrypt data and extort the organization.
Business
Operations are disrupted, data is encrypted, and the organization faces financial and reputational damage.
04 What to do — defensible action
- Remediate per the vendor advisory — confirm the fixed build for your version and verify exposure.
Say it to the board
A vulnerability with this evidence profile is a defensible budget line, not a backlog ticket — fund the change against the proof above.
05