Security News > 2023 > November > PoCs for critical Arcserve UDP vulnerabilities released

PoCs for critical Arcserve UDP vulnerabilities released
2023-11-29 14:32

Arcserve has fixed critical security vulnerabilities in its Unified Data Protection solution, PoCs for which have been published by Tenable researchers on Monday.

Arcserve UDP is a popular enterprise data protection, backup and disaster recovery solution that improves organizations' resilience to ransomware attacks.

Finally, CVE-2023-42000 is a path traversal vulnerability that may allow an unauthenticated remote attacker to upload arbitrary files to any location on the file system where the UDP agent is installed.

The vulnerabilities affect Arcserve UDP versions prior to v9.2.

"We strongly recommend you upgrade to Arcserve UDP 9.2 as soon as possible," the company advised.

Arcserve has also provided manual patches for older versions of Arcserve UDP: 9.1., 8.1, and 7.0 Update 2.


News URL

https://www.helpnetsecurity.com/2023/11/29/arcserve-udp-vulnerabilities-pocs/

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-11-27 CVE-2023-42000 Path Traversal vulnerability in Arcserve UDP
Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload().
network
low complexity
arcserve CWE-22
critical
 9.8
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Arcserve 2 0 1 4 5 10