First published: Mon Nov 27 2023(Updated: )
Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). An unauthenticated remote attacker can exploit it to upload arbitrary files to any location on the file system where the UDP agent is installed.
Credit: vulnreport@tenable.com
Affected Software | Affected Version | How to fix |
---|---|---|
<9.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-42000 is a vulnerability in Arcserve UDP Agent that allows unauthenticated remote attackers to upload arbitrary files to any location on the file system.
CVE-2023-42000 has a severity rating of critical with a CVSS score of 9.8.
CVE-2023-42000 affects Arcserve UDP versions up to and including 9.2.
An unauthenticated remote attacker can exploit CVE-2023-42000 to upload arbitrary files to any location on the file system where the UDP agent is installed.
It is recommended to upgrade to a version of Arcserve UDP that is not affected by CVE-2023-42000.