Unrated severityCISA KEVNVD Advisory· Published Mar 15, 2023· Updated Oct 21, 2025

CVE-2023-28461

Description

Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with the fix will be available soon."

Affected products

Array Networks/Array AG Seriesdescription

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_Remote_Code_Execution_Vulnerability_AG.pdfmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.071
exploit	0.000
kev	0.120
patch	0.000
ransomware	0.060