An authentication bypass vulnerability (CVE-2023-26258) in the Arcserve Unified Data Protection (UDP) enterprise data protection solution can be exploited to compromise admin accounts and take over vulnerable instances, MDSec researchers Juan Manuel Fernández and Sean Doherty have found – and have released a PoC exploit for it.

CVE-2023-26258, a PoC exploit and additional tools

CVE-2023-26258 was discovered during a simulation of a ransomware attack. “The [MDSec ActiveBreach red team was] attempting to compromise the organization’s …

The post PoC for Arcserve UDP authentication bypass flaw published (CVE-2023-26258) appeared first on Help Net Security.