The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a critical security flaw in Array Networks AG and vxAG secure access gateways. The flaw, identified as CVE-2023-28461, has been under active exploitation by attackers. CISA has advised the federal agencies to install patches before December 16, 2024, in order to protect their systems.
Understanding the Vulnerability
The flaw, rated with a critical severity score of 9.8, is caused by missing authentication in the software, enabling attackers to remotely execute harmful commands or access sensitive files without proper authorization. According to Array Networks, the vulnerability can be triggered by sending specific HTTP headers to vulnerable URLs.
A patch for this weakness was issued in March 2023 (version 9.4.0.484), but follow-up attacks indicate many systems have not been patched yet. Organizations using this application should update now to ensure the integrity of their network.
Who is attacking this flaw?
A cyber espionage group known as Earth Kasha, or MirrorFace, has been identified as actively exploiting this flaw. Tied to China, the group usually targets entities in Japan, but its activities have also been seen in Taiwan, India, and Europe.
In one attack, Earth Kasha used the weakness to spearhead a campaign of compromise against a European diplomatic body. The attackers were phishing emails referencing the future World Expo 2025 to be held in Japan that would lure victims to download a backdoor called ANEL.
Vulnerability of Systems
The cyber security firm VulnCheck stated that more than 440,000 devices with internet access may be prone to attack because of this type of vulnerability. Also, it was indicated in the report that in 2023 alone, 15 Chinese-linked hacking groups targeted at least one of the top 15 commonly exploited flaws.
How Can Organizations Protect Themselves
To minimize such threats, organizations must:
- Ensure all systems that implement Array Networks software are maintained on the latest patched version.
- Reduce your exposure to sensitive devices on the internet whenever possible.
- Use robust patch management and monitoring systems to augment your defenses.
- Educate yourself through threat intelligence reports to understand emerging risks.
CISA Message to Agencies
Such direction has been given to agencies of the federal government for immediate action. By the utilization of these patches, they are capable of avoiding possible security breaches and further strengthening themselves against more complex cyber attacks. This reminder underscores a very critical point in proactive cybersecurity.
