Critical Vulnerabilities in Arcserve UDP Software Demand Urgent Action
Security researchers at Tenable have exposed a dangerous chain of vulnerabilities within Arcserve Unified Data Protection (UDP), a widely used backup and disaster recovery solution. These flaws could allow attackers to bypass authentication mechanisms, upload malicious files, and even crash critical backup systems.
Vulnerability Breakdown
The three critical vulnerabilities, tracked as CVE-2024-0799, CVE-2024-0800, and CVE-2024-0801, affect Arcserve UDP versions 9.2 and 8.1. Here’s what you need to know:
- CVE-2024-0799: Authentication Bypass (CVSS Score 9.8). This critical vulnerability allows a remote, unauthenticated attacker to completely bypass login protection and gain unrestricted access to management functions within the Arcserve UDP console.
- CVE-2024-0800: Path Traversal (CVSS Score 8.8). An authenticated attacker could exploit this flaw to upload arbitrary files anywhere on the system hosting the Arcserve UDP console. This could lead to the deployment of malware or further system compromise, which is particularly dangerous because uploads execute with SYSTEM privileges.
- CVE-2024-0801: Denial of Service (CVSS Score 7.5). While less directly exploitable, this vulnerability still poses a risk. Attackers without authentication can trigger a crash in Arcserve UDP by simply sending crafted login requests.
Double Trouble
The most severe aspect of this advisory is that CVE-2024-0799 and CVE-2024-0800 can be chained together with devastating consequences. Tenable has even published proof-of-concept (PoC) code illustrating this exploit scenario.
The Stakes Are High
Arcserve UDP is a cornerstone of data protection for many organizations. A compromise of this software could result in:
- Data Exfiltration: Attackers gaining access to sensitive backups of corporate information.
- Ransomware Deployment: Malicious files uploaded to the backup server could be used to launch crippling ransomware attacks.
- Disrupted Recovery: Denial-of-service attacks on backup systems could hinder an organization’s ability to restore data in the event of a cyber incident.
Call to Action
Arcserve has released patches to address these vulnerabilities. IT teams using Arcserve UDP 8.1 or 9.2 must take immediate action:
- Patch Now: Download and install the relevant patches from the official Arcserve support portal.
- Monitor Closely: Keep a watchful eye on network logs for any suspicious activity that might indicate attempts to exploit these vulnerabilities.
- Review Security Posture: Use this as an opportunity to re-evaluate your overall cybersecurity strategy. Consider implementing layered defenses with firewalls, intrusion detection systems, and regular vulnerability scanning.