好的,我现在需要帮用户总结一篇文章,控制在100字以内。用户给的文章是关于Array Networks AG Gateway的一个漏洞被广泛利用的情况。 首先,我得通读全文,抓住关键点。文章提到JPCERT/CC警告说,从2025年8月开始,攻击者利用Array Networks AG系列网关中的命令注入漏洞进行攻击。这个漏洞影响的是DesktopDirect功能,早在5月就被修补了,但攻击者仍在利用它。 接下来,漏洞影响的版本是ArrayOS AG 9.4.5.8及更早版本。攻击者通过这个漏洞执行任意命令,甚至安装网络 shell、创建新用户和内部入侵。JPCERT建议用户检查系统,应用补丁,并采取临时措施。 另外,文章还提到美国CISA在2024年11月将另一个相关漏洞加入其已知被利用的漏洞目录中。 现在我需要把这些信息浓缩到100字以内。要包括主要事件:JPCERT/CC警告、漏洞类型、影响范围、攻击时间、建议措施等。 可能的结构是:JPCERT/CC警告Array Networks AG网关存在命令注入漏洞,自2025年8月起被利用,影响DesktopDirect功能。该漏洞允许攻击者执行任意命令,并已被修补。建议用户更新系统和应用补丁。 </think> JPCERT/CC警告Array Networks AG网关存在命令注入漏洞,自2025年8月起被广泛利用。该漏洞影响DesktopDirect功能,允许攻击者执行任意命令并安装后门。建议用户更新至最新版本并加强安全措施以防止进一步入侵。 2025-12-5 13:19:55 Author: securityaffairs.com(查看原文) 阅读量:7 收藏
JPCERT/CC Reports Widespread Exploitation of Array Networks AG Gateway Vulnerability
Pierluigi Paganini
December 05, 2025
Array Networks AG gateways have been under active exploitation since August 2025 due to a command injection flaw, JPCERT/CC warns.
A command injection flaw in Array Networks AG Series gateways, affecting DesktopDirect, has been exploited in the wild since August 2025; it was patched in May 2025.
An attacker can exploit the flaw to execute arbitrary commands.
“The DesktopDirect function of the Array AG series provided by Array Networks contains a command injection vulnerability. An attacker exploiting this vulnerability could execute arbitrary commands. At the time of publishing this information, no CVE number has been assigned to this vulnerability. Array” reads the alert published by JPCERT/CC.
Array’s DesktopDirect is a remote desktop access solution designed to let users securely access their work computers from anywhere. It is commonly used in enterprise environments to provide employees with remote access to their office desktops, applications, and resources while maintaining security through encryption, authentication, and access controls.
The flaw affects ArrayOS AG 9.4.5.8 and earlier versions, the company addressed the flaw on May 11, 2025, with the release of ArrayOS AG 9.4.5.9.
The Japanese agency warns that since August 2025, domestic organizations using Array Networks products have faced attacks exploiting a command injection flaw, involving webshell installation, creation of new users, and internal intrusions. The attack traffic was traced to IP 194.233.100[.]138. Users should review Array Networks guidance and investigate potential compromises.
JPCERT advises organizations using Array Networks AG Series or DesktopDirect to carefully investigate their systems for any signs of intrusion, particularly considering that the vulnerability has been actively exploited since August 2025. Users should implement countermeasures and apply security patches provided by Array Networks or its authorized distributors to mitigate the risk. Where a full patch is not yet feasible, organizations are encouraged to follow any temporary workarounds suggested by the vendor to reduce potential exposure. The overall aim is to detect past breaches, prevent further exploitation, and ensure that remote access systems remain secure.
In November 2024, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Array Networks AG and vxAG ArrayOS flaw CVE-2023-28461 (CVSS score: 9.8) to its Known Exploited Vulnerabilities (KEV) catalog.
Array Networks’ AG Series and vxAG (versions 9.4.0.481 and earlier) is impacted by a remote code execution vulnerability. Attackers can exploit the SSL VPN gateway by accessing the filesystem via an HTTP header flags attribute and a vulnerable URL without authentication.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Array Networks)
如有侵权请联系:admin#unsafe.sh