Authentication Bypass in Arcserve UDP by Arcserve
CVE-2023-26258
What is CVE-2023-26258?
Arcserve UDP versions prior to 9.0.6034 contain an authentication bypass vulnerability. The getVersionInfo method of the WebServiceImpl/services/FlashServiceImpl endpoint exposes the AuthUUID token; that token can then be presented to /WebServiceImpl/services/VirtualStandbyServiceImpl to establish a valid session without credentials. Once a session is established, an attacker can execute any task with administrator privileges, which poses a significant security risk to users of unpatched installations.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
News Articles
PoC for Arcserve UDP authentication bypass flaw published (CVE-2023-26258) - Help Net Security
An authentication bypass flaw (CVE-2023-26258) in Arcserve UDP can be exploited to compromise admin accounts, and a PoC exploit is public.
References
EPSS Score
86% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
Vulnerability published
First article discovered by Help Net Security
Public PoC available
Exploit known to exist
Vulnerability Reserved