Plateforme
java
Composant
arcserve-unified-data-protection
Corrigé dans
9.2.1
8.1.1
CVE-2024-0799 describes a critical authentication bypass vulnerability discovered in Arcserve Unified Data Protection (UDP) versions 8.1 and 9.2. This flaw allows attackers to circumvent authentication mechanisms, potentially granting them unauthorized access to sensitive data and system functionalities. The vulnerability resides within the edge-app-base-webui.jar file, specifically in the com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin() function. A patch is available in version 9.2.1.
The impact of CVE-2024-0799 is severe due to the ease with which an attacker can bypass authentication. Successful exploitation could allow an attacker to gain complete control over the Arcserve UDP system, including access to backups, recovery operations, and configuration settings. This could lead to data breaches, data corruption, denial of service, and potentially, lateral movement within the network if the UDP system has access to other resources. The ability to bypass authentication significantly expands the attack surface and increases the risk of a successful compromise. This vulnerability shares characteristics with other authentication bypass flaws, where improper validation of user credentials allows unauthorized access.
CVE-2024-0799 was publicly disclosed on March 13, 2024. The vulnerability has a CVSS score of 9.8 (CRITICAL), indicating a high probability of exploitation. While no public proof-of-concept (PoC) has been released at the time of writing, the ease of exploitation suggested by the vulnerability description raises concerns about potential exploitation in the wild. It has not yet been added to the CISA KEV catalog.
Organizations utilizing Arcserve Unified Data Protection versions 8.1 and 9.2 are at risk, particularly those with exposed web interfaces or weak authentication configurations. Shared hosting environments where multiple customers share the same UDP instance are also at increased risk, as a compromise of one customer could potentially impact others.
• java / server:
find /opt/arcserve/udp/edge-app-base-webui.jar -name "*EdgeLoginServiceImpl.doLogin()*"• java / server:
grep -r "EdgeLoginServiceImpl.doLogin()" /opt/arcserve/udp/*• generic web: Check UDP web interface login page for unusual behavior or successful logins with invalid credentials.
disclosure
Statut de l'Exploit
EPSS
38.90% (percentile 97%)
CISA SSVC
Vecteur CVSS
The primary mitigation for CVE-2024-0799 is to upgrade Arcserve Unified Data Protection to version 9.2.1 or later, which includes the necessary fix. If an immediate upgrade is not feasible, consider implementing temporary workarounds such as restricting network access to the UDP web interface, enforcing strong password policies, and enabling multi-factor authentication where possible. Monitoring authentication logs for suspicious activity is also recommended. After upgrading, verify the fix by attempting to access the UDP web interface with invalid credentials; authentication should be denied.
Mettez à jour Arcserve Unified Data Protection vers une version ultérieure à la 9.2 ou 8.1 qui a corrigé la vulnérabilité de contournement de l'authentification. Consultez le site web du fournisseur pour obtenir la dernière version et les instructions de mise à jour.
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
CVE-2024-0799 is a critical authentication bypass vulnerability in Arcserve Unified Data Protection (UDP) versions 8.1 and 9.2, allowing attackers to bypass authentication and potentially gain unauthorized access.
If you are using Arcserve UDP versions 8.1 or 9.2, you are potentially affected by this vulnerability. Upgrade to version 9.2.1 or later to mitigate the risk.
The recommended fix is to upgrade Arcserve UDP to version 9.2.1 or later. If an immediate upgrade is not possible, implement temporary workarounds like restricting network access and enforcing strong passwords.
While no public proof-of-concept exists, the ease of exploitation suggests a potential for active exploitation. Continuous monitoring is advised.
Refer to the official Arcserve security advisory for detailed information and guidance: [https://www.arcserve.com/security-advisories](https://www.arcserve.com/security-advisories)
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.
Téléverse ton fichier pom.xml et nous te dirons instantanément si tu es affecté.