CVE-2023-42000: Arcserve UDP Agent Unauthenticated Path Traversal File Upload
First published: Mon Nov 27 2023(Updated: )
Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). An unauthenticated remote attacker can exploit it to upload arbitrary files to any location on the file system where the UDP agent is installed.
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| <9.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-42000?
CVE-2023-42000 is a vulnerability in Arcserve UDP Agent that allows unauthenticated remote attackers to upload arbitrary files to any location on the file system.
What is the severity of CVE-2023-42000?
CVE-2023-42000 has a severity rating of critical with a CVSS score of 9.8.
How does CVE-2023-42000 affect Arcserve UDP?
CVE-2023-42000 affects Arcserve UDP versions up to and including 9.2.
How can an attacker exploit CVE-2023-42000?
An unauthenticated remote attacker can exploit CVE-2023-42000 to upload arbitrary files to any location on the file system where the UDP agent is installed.
Is there a fix available for CVE-2023-42000?
It is recommended to upgrade to a version of Arcserve UDP that is not affected by CVE-2023-42000.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness
- collector/mitre-cve
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/arcserve
- canonical/arcserve udp