Security News > 2023 > November > PoCs for critical Arcserve UDP vulnerabilities released
Arcserve has fixed critical security vulnerabilities in its Unified Data Protection solution, PoCs for which have been published by Tenable researchers on Monday.
Arcserve UDP is a popular enterprise data protection, backup and disaster recovery solution that improves organizations' resilience to ransomware attacks.
Finally, CVE-2023-42000 is a path traversal vulnerability that may allow an unauthenticated remote attacker to upload arbitrary files to any location on the file system where the UDP agent is installed.
The vulnerabilities affect Arcserve UDP versions prior to v9.2.
"We strongly recommend you upgrade to Arcserve UDP 9.2 as soon as possible," the company advised.
Arcserve has also provided manual patches for older versions of Arcserve UDP: 9.1., 8.1, and 7.0 Update 2.
News URL
https://www.helpnetsecurity.com/2023/11/29/arcserve-udp-vulnerabilities-pocs/
Related news
- Netgear warns users to patch critical WiFi router vulnerabilities (source)
- Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc (source)
- PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159) (source)
- Week in review: Botnet hits M365 accounts, PoC for Ivanti Endpoint Manager vulnerabilities released (source)
- GitLab patches critical authentication bypass vulnerabilities (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- OpenAI now pays researchers $100,000 for critical vulnerabilities (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-27 | CVE-2023-42000 | Path Traversal vulnerability in Arcserve UDP Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). | 9.8 |