CVE-2023-41121

7.5 HIGH

📋 TL;DR

This vulnerability in Array AG OS allows remote attackers to cause denial of service by crashing system service processes through abnormal HTTP operations. It affects Array Networks devices running Array AG OS versions before 9.4.0.499. Organizations using vulnerable Array Networks appliances are at risk.

💻 Affected Systems

Products:
  • Array Networks AG Series appliances
Versions: All versions before 9.4.0.499
Operating Systems: Array AG OS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all Array AG OS configurations with HTTP services enabled. The vulnerability is in the core OS, not specific application configurations.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service disruption of the Array Networks appliance, affecting all services it provides (load balancing, VPN, firewall, etc.), potentially causing extended downtime for dependent applications.

🟠 Likely Case

Intermittent service disruptions affecting specific services on the appliance, requiring manual intervention to restart crashed processes or reboot the device.

🟢 If Mitigated

Limited impact with proper network segmentation and monitoring, allowing quick detection and response to service disruptions.

🌐 Internet-Facing: HIGH - The vulnerability is triggered via HTTP operations, making internet-facing Array appliances particularly vulnerable to automated attacks.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could still exploit this, but the attack surface is reduced compared to internet-facing deployments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The advisory mentions 'abnormal HTTP operations', which suggests relatively simple exploitation. Because no authentication is required, this is easily weaponizable.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.4.0.499 and later

Vendor Advisory: https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_Denial_of_Service_ID-144162.pdf

Restart Required: Yes

Instructions:

1. Download Array AG OS version 9.4.0.499 or later from Array Networks support portal.
2. Backup current configuration.
3. Upload and install the new firmware via web interface or CLI.
4. Reboot the appliance after installation completes.
5. Verify services are running properly post-upgrade.

🔧 Temporary Workarounds

HTTP Traffic Filtering

Implement WAF or network filtering to block abnormal HTTP requests that could trigger the vulnerability

Service Monitoring and Auto-restart

Configure monitoring to detect crashed services and automatically restart them

🧯 If You Can't Patch

  • Implement strict network segmentation to limit access to Array appliance management interfaces
  • Deploy intrusion detection systems to monitor for abnormal HTTP patterns and block suspicious traffic

🔍 How to Verify

Check if Vulnerable:

Check Array AG OS version via web interface (System > About) or CLI command 'show version'. If version is below 9.4.0.499, the system is vulnerable.

Check Version:

show version

Verify Fix Applied:

After patching, verify version is 9.4.0.499 or higher and monitor system logs for service crashes over 24-48 hours.
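
An added example (not from the vendor advisory or this page's source) for the version check above: it compares the version fields numerically, because a plain string comparison would rank 9.4.0.66 above 9.4.0.499. The hostnames and the "Array AG OS x.y.z.w" line format are constructed assumptions; only the 9.4.0.499 threshold comes from this page.

```python
import re

# Fixed release named on this page: versions before it are affected.
FIXED = (9, 4, 0, 499)

# Four dot-separated numeric fields (assumed shape of the version string).
_VERSION_RE = re.compile(r"(?<!\d)(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first four-field version in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text):
    """Return 'vulnerable', 'fixed' or 'unknown' for one captured version line."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # never report an unparsed device as patched
    # Tuple comparison is field-by-field and numeric, so 66 < 499 < 1001.
    return "vulnerable" if version < FIXED else "fixed"


# Constructed inventory: hostname -> text captured from 'show version'.
SAMPLE = {
    "ag-edge-01": "Array AG OS 9.4.0.499",
    "ag-edge-02": "Array AG OS 9.4.0.66",    # string compare would call this newer
    "ag-dc-01": "Array AG OS 9.4.0.1001",    # string compare would call this older
    "ag-dc-02": "Array AG OS 9.3.0.512",
    "ag-lab-01": "connection timed out",     # no version captured
}


def audit(inventory):
    """Map each host to its patch status for the fixed release above."""
    return {host: classify(text) for host, text in inventory.items()}


if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host:12} {status}")
```

Hosts reported as "unknown" need a manual check rather than being counted as patched.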

📡 Detection & Monitoring

Log Indicators:

  • Unexpected service process crashes in system logs
  • HTTP service restart messages
  • Increased error rates in application logs

Network Indicators:

  • Unusual HTTP request patterns to Array appliance
  • Sudden drops in service availability
  • Abnormal HTTP error responses

SIEM Query:

source="array_appliance" AND (event_type="service_crash" OR message="*restart*" OR severity="critical")
