Directory Traversal Vulnerability in Arcserve UDP by CA Technologies
CVE-2015-4068

9.1CRITICAL

Key Information:

Vendor

Arcserve

Status
Arcserve Unified Data Protection
Vendor
CVE Published:
29 May 2015

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸฃ EPSS 84%๐Ÿฆ… CISA Reported

What is CVE-2015-4068?

A directory traversal vulnerability exists in Arcserve UDP prior to version 5.0 Update 4, allowing remote attackers to manipulate file paths. By crafting specific requests to the reportFileServlet or exportServlet servlets, attackers can access sensitive information or potentially lead to a denial of service. This vulnerability emphasizes the importance of secure coding practices to prevent unauthorized filesystem access.

CISA has reported CVE-2015-4068

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2015-4068 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply updates per vendor instructions.

References

http://www.zerodayinitiative.com/advisories/ZDI-15-242/
x_refsource_MISC
http://www.securityfocus.com/bid/74845
vdb-entryx_refsource_BID
http://documentation.arcserve.com/Arcserve-UDP/Available/...
x_refsource_CONFIRM

EPSS Score

84% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐Ÿ‘พ

    Exploit known to exist

  • ๐Ÿฆ…

    CISA Reported

  • Vulnerability published

  • Vulnerability Reserved

JSON
.