Security News > 2023 > November > PoCs for critical Arcserve UDP vulnerabilities released
Arcserve has fixed critical security vulnerabilities in its Unified Data Protection solution, PoCs for which have been published by Tenable researchers on Monday.
Arcserve UDP is a popular enterprise data protection, backup and disaster recovery solution that improves organizations' resilience to ransomware attacks.
Finally, CVE-2023-42000 is a path traversal vulnerability that may allow an unauthenticated remote attacker to upload arbitrary files to any location on the file system where the UDP agent is installed.
The vulnerabilities affect Arcserve UDP versions prior to v9.2.
"We strongly recommend you upgrade to Arcserve UDP 9.2 as soon as possible," the company advised.
Arcserve has also provided manual patches for older versions of Arcserve UDP: 9.1., 8.1, and 7.0 Update 2.
News URL
https://www.helpnetsecurity.com/2023/11/29/arcserve-udp-vulnerabilities-pocs/
Related news
- SAP fixes critical vulnerabilities in NetWeaver application servers (source)
- Critical vulnerabilities remain unresolved due to prioritization gaps (source)
- Critical SimpleHelp vulnerabilities fixed, update your server instances! (source)
- Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw (source)
- Netgear warns users to patch critical WiFi router vulnerabilities (source)
- Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-27 | CVE-2023-42000 | Path Traversal vulnerability in Arcserve UDP Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). | 9.8 |