Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2023-26258
CVE-2023-26258:
Arcserve Unified Data Protection vulnerability analysis and mitigation
Overview
CVE-2023-26258 is a critical authentication bypass vulnerability affecting Arcserve Unified Data Protection (UDP) versions 7.0 through 9.0.6034. The vulnerability was discovered in early 2023 and publicly disclosed on June 27, 2023. The flaw exists in the web management interface where the method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the AuthUUID token, which can then be used at /WebServiceImpl/services/VirtualStandbyServiceImpl to obtain a valid session and execute any task as administrator (MDSec Research).
Technical details
The vulnerability has a CVSS v3.1 base score of 9.8 (Critical) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The flaw stems from improper authentication validation in the web interface. An attacker can manipulate HTTP requests containing login information between the web browser and administrative interface to obtain system information and an AuthUUID token. This token can then be leveraged to create a valid administrator session without requiring legitimate credentials (NVD, MDSec Research).
Impact
Successful exploitation allows an unauthenticated attacker to gain unauthorized access to the administrative interface with full administrator privileges. This access could enable the attacker to access sensitive data, modify backup configurations, and potentially execute arbitrary code on the system. The vulnerability is particularly concerning for organizations using Arcserve UDP for their backup infrastructure, as compromise could affect disaster recovery capabilities (SecurityWeek).
Mitigation and workarounds
Arcserve recommends that all users upgrade to UDP version 9.1, which contains fixes for this vulnerability. For organizations unable to upgrade immediately, Arcserve has provided manual patches for each affected major version (7.x, 8.x, and 9.x). Additionally, organizations should consider temporarily blocking inbound traffic to Arcserve UDP servers (ports 8014 and 8015) until patches can be applied (Arctic Wolf).
Additional resources
Source: This report was generated using AI
Related Arcserve Unified Data Protection vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management