PoC for Arcserve UDP authentication bypass flaw published (CVE-2023-26258)

An authentication bypass vulnerability (CVE-2023-26258) in the Arcserve Unified Data Protection (UDP) enterprise data protection solution can be exploited to compromise admin accounts and take over vulnerable instances, MDSec researchers Juan Manuel Fernández and Sean Doherty have found – and have released a PoC exploit for it. CVE-2023-26258, a PoC exploit and additional tools CVE-2023-26258 was discovered during a simulation of a ransomware attack. “The [MDSec ActiveBreach red team was] attempting to compromise the organization’s … More →

The post …

accounts arcserve arcserve udp authentication authentication bypass authentication bypass flaw backup bypass compromise cve data data protection data protection solution don't miss enterprise enterprise data enterprise data protection exploit exploited flaw hot stuff mdsec poc poc exploit protection researchers sean solution udp vulnerability vulnerable