
Critical Vulnerability in Arcserve UDP Backup Software

Proof-of-concept released for authentication bypass vulnerability CVE-2023-26258


Summary

Proof-of-concept released for authentication bypass vulnerability CVE-2023-26258


Affected platforms

The following platforms are known to be affected:

Threat details

Introduction

Arcserve has released a security update to address a Critical authentication bypass vulnerability, tracked as CVE-2023-26258, in Arcserve UDP Backup software.

An unauthenticated remote attacker could exploit this authentication bypass vulnerability to gain administrative privileges on the affected system.

Proof-of-concept released for CVE-2023-26258

A proof-of-concept has been released for CVE-2023-26258, which is an authentication bypass vulnerability. Exploitation is considered more likely.


Remediation advice

Affected organisations are encouraged to review the Arcserve UDP Security Fix update - CVE-2023-26258 advisory and apply any relevant updates.



Last edited: 29 June 2023 2:36 pm