PoC for Critical Arcserve UDP Vulnerabilities Published (CVE-2024-0799, CVE-2024-0800)

NCSA_THAICERT

PoC for Critical Arcserve UDP Vulnerabilities Published (CVE-2024-0799, CVE-2024-0800)

Arcserve has fixed critical security vulnerabilities (CVE-2024-0799, CVE-2024-0800) in its Unified Data Protection (UDP) solution that can be chained to upload malicious files to the underlying Windows system. Tenable researchers have published a PoC exploit script demonstrating the attack, as well as one for triggering a third flaw (CVE-2024-0801) that can lead to denial of service. The three vulnerabilities affect the UDP Console. CVE-2024-0799 is a authentication bypass vulnerability that can be exploited by an unauthenticated remote attacker by sending a POST HTTP message without the password parameter to endpoint /management/wizardLogin.CVE-2024-0800 is a path traversal vulnerability that can be used by authenticated attackers to “upload arbitrary files to any directory on the file system where the UDP Console is installed.” If CVE-2024-0800 is combined with CVE-2024-0799 – as in Tenable’s PoC – an attacker can upload (potentially malicious) files without prior authentication. “The upload operation is carried out under the security context of SYSTEM,” the researchers noted. Finally, CVE-2024-0801 can allow unauthenticated attackers to trigger a termination of the software process.

ที่มาแหล่งข่าว
https://www.helpnetsecurity.com/2024/03/14/cve-2024-0799-cve-2024-0800/

สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand