Exploit released for new Arcserve UDP auth bypass vulnerability


Unified Data Protection (UDP) backup software from data protection company Arcserve has been patched to fix a high-severity security hole that might have allowed attackers to bypass authentication and take over the system. On June 27, four months after the flaw was discovered and reported by security researchers Juan Manuel Fernandez and Sean Doherty with MDSec’s ActiveBreach red team, Arcserve released UDP 9.1 to address the vulnerability (recorded as CVE-2023-26258).

Arcserve UDP is a data and ransomware security solution, claims the company, created to assist clients in preventing ransomware attacks, restoring corrupted data, and enabling efficient disaster recovery to guarantee business continuity.

Read More…