Arcserve Unified Data Protection Multiple Vulnerabilities | allinfosecnews.com

Nov. 27, 2023, 4:38 p.m. | Jimi Sebree

Tenable Research Advisories www.tenable.com

Arcserve Unified Data Protection Multiple Vulnerabilities

CVE-2023-41998 - Arcserve UDP Unauthenticated RCE

(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

An unauthenticated, remote attacker can execute code remotely via the downloadAndInstallPath() routine within “com.ca.arcflash.rps.webservice.RPSService4CPMImpl.” This routine allows users to upload and execute arbitrary files.

For example, when triggering this method, a malicious actor can cause the service to download a zip file from an attacker-controlled URL to \Engine\BIN\patch\. The zip file is subsequently decompressed and a decompressed EXE file with the same file name as the zip …

actor arbitrary files arcserve arcserve udp attacker code cve cvss data data protection download files malicious protection rce rps service udp unauthenticated upload vulnerabilities zip

More from www.tenable.com / Tenable Research Advisories

Approach.App Multiple Vulnerabilities 1 week, 4 days ago | www.tenable.com

app application exploitation management +9

Karros Technologies Authentication Bypass 1 week, 4 days ago | www.tenable.com

authentication authentication bypass bypass technologies

Ivanti Avalanche WLAvalancheService.exe Unauthenticated Heap-based Buffer Overflow 1 week, 6 days ago | www.tenable.com

avalanche big buffer buffer overflow +12

Path Traversal Affecting Multiple CData Products 3 weeks, 4 days ago | www.tenable.com

application attachment cookie date +14

LG LED Assistant v2.1.65 Multiple Vulnerabilities 1 month ago | www.tenable.com

assistant led vulnerabilities

Arcserve Unified Data Protection 9.2 Multiple Vulnerabilities 1 month, 2 weeks ago | www.tenable.com

arcserve data data protection protection +1

Microsoft Azure Synapse Analytics - Privilege Escalation via Vegas Caching Service 1 month, 3 weeks ago | www.tenable.com

analytics azure azure synapse caching +8

Showdownjs Denial of Service 2 months ago | www.tenable.com

can command concept conditions +17

Missing Authentication for Critical Function in Adobe FrameMaker Publishing Server (FMPS) 2 months, 2 weeks ago | www.tenable.com

accesstoken admin adobe authentication +9

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Threat Analysis Engineer

@ Gen | IND - Tamil Nadu, Chennai

View on infosec-jobs.com

Head of Security

@ Hippocratic AI | Palo Alto

View on infosec-jobs.com

IT Security Vulnerability Management Specialist (15.10)

@ OCT Consulting, LLC | Washington, District of Columbia, United States

View on infosec-jobs.com

Security Engineer - Netskope/Proofpoint

@ Sainsbury's | Coventry, West Midlands, United Kingdom

View on infosec-jobs.com

Journeyman Cybersecurity Analyst

@ ISYS Technologies | Kirtland AFB, NM, United States

View on infosec-jobs.com