Authentication Bypass in Arcserve UDP by Arcserve
CVE-2023-26258
Key Information:
Badges
What is CVE-2023-26258?
Arcserve UDP versions prior to 9.0.6034 contain a vulnerability that allows an attacker to bypass authentication. Through the getVersionInfo method within the WebServiceImpl/services/FlashServiceImpl, the AuthUUID token is exposed. This token can be exploited at /WebServiceImpl/services/VirtualStandbyServiceImpl, enabling unauthorized users to establish a valid session. Once authenticated, attackers can execute any task with administrator privileges, posing a significant security risk to users.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Help Net SecurityCVE-2023-26258PoC for Arcserve UDP authentication bypass flaw published (CVE-2023-26258) - Help Net Security
An authentication bypass flaw (CVE-2023-26258) in Arcserve UDP can be exploited to compromise admin accounts, and a PoC exploit is public.
References
EPSS Score
78% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
Vulnerability published
- π°
First article discovered by Help Net Security
- π‘
Public PoC available
- πΎ
Exploit known to exist
Vulnerability Reserved