Critical vulnerability discovered in Arcserve backup software

Admin access leads to RCE.

Arcserve has patched a critical authentication bypass in its Unified Data Protection (UDP) product that gave attackers control over the software’s web administration interface and could be chained into remote code execution (RCE).

Discovered by researcher Juan Manuel Fernandez (@TheXC3LL) and MDSec’s Sean Doherty, CVE-2023-26258 affects UDP versions 7.0 through 9.0 and has been patched by Arcserve.

While exploring the login interactions between client and server, the two researchers spotted a variable called authUUID and a method called validateUserByUuid.

They were able to use that information to obtain access; as they described in this post, they got “a cookie with a session.”

From there, the researchers were able to retrieve and decrypt the admin’s password, giving them complete control over the system, including RCE capabilities.

Fernandez and Doherty have posted their attack tools on GitHub.

According to the MDSec post, the pair first disclosed their findings to Arcserve on February 9, and the company posted its patch on June 27.

Arcserve said all UDP Windows agents and Recovery Point Servers need to be upgraded to version 9.1, either manually or via automatic update.
