Arcserve Unified Data Protection reports three critical issues, exploit PoCs released
Take action: Upgrading a backup server is never an easy task, even with auto-update. First confirm that the server is isolated from internet access, then plan for an update, because a hacker will eventually arrive inside the network.
Security researchers recently released proof-of-concept (PoC) exploits for critical security vulnerabilities in Arcserve's Unified Data Protection (UDP) solution, following Arcserve's fixes for these flaws. The vulnerabilities, tracked as CVE-2023-41998, CVE-2023-41999, and CVE-2023-42000 (all three have a CVSS3 score of 9.8), pose significant risks to the product.
Arcserve Unified Data Protection (UDP) is an advanced data protection, backup, and disaster recovery solution primarily designed for enterprise environments.
These vulnerabilities are present in versions of Arcserve UDP prior to v9.2. Arcserve is urging users to upgrade to UDP 9.2, which can be done through the auto-update feature or by downloading the 9.2 RTM build. Additionally, manual patches for older supported versions of Arcserve UDP (9.1, 8.1, and 7.0 Update 2) are available, but these patches must be applied individually to each node.