PoCs for critical Arcserve UDP vulnerabilities released

2023-11-29 14:32

Arcserve has fixed critical security vulnerabilities in its Unified Data Protection solution, PoCs for which have been published by Tenable researchers on Monday.

Arcserve UDP is a popular enterprise data protection, backup and disaster recovery solution that improves organizations' resilience to ransomware attacks.

Finally, CVE-2023-42000 is a path traversal vulnerability that may allow an unauthenticated remote attacker to upload arbitrary files to any location on the file system where the UDP agent is installed.

The vulnerabilities affect Arcserve UDP versions prior to v9.2.

"We strongly recommend you upgrade to Arcserve UDP 9.2 as soon as possible," the company advised.

Arcserve has also provided manual patches for older versions of Arcserve UDP: 9.1., 8.1, and 7.0 Update 2.

News URL

https://www.helpnetsecurity.com/2023/11/29/arcserve-udp-vulnerabilities-pocs/

#arcserve #critical #POC #vulnerabilities #CVE-2023-42000

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2023-11-27	CVE-2023-42000	Path Traversal vulnerability in Arcserve UDP Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). network low complexity arcserve CWE-22 critical	9.8

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Arcserve		4	0	5	2	5	12

News URL

Related news

Related Vulnerability

Related vendor