CVE-2023-26258

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jul 3, 2023

Updated: Jul 12, 2023

CWE ID 863

Summary

CVE-2023-26258 is a vulnerability affecting Arcserve UDP versions up to 9.0.6034. An authentication bypass issue is identified, where an attacker can leverage the getVersionInfo function at WebServiceImpl/services/FlashServiceImpl to obtain an AuthUUID token. This token can then be exploited to gain a valid session at /WebServiceImpl/services/VirtualStandbyServiceImpl, granting administrative privileges to the attacker.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Arcserve Unified Data Protection

Affected Vendors

Arcserve (USA) LLC

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rzhx0H
https://www.cve.org/CVERecord?id=CVE-2023-26258
https://nvd.nist.gov/vuln/detail/CVE-2023-26258

Back to Vulnerability Database