Home / Threat Intelligence bulletins / Exploit discovered for Arcserve security flaw

Target Industry

Indiscriminate, opportunistic targeting.


Arcserve has disclosed a high-severity security flaw, tracked as CVE-2023-26258, that relates to an authentication bypass. The flaw pertains to the Arcserve ransomware solution, known as the Unified Data Protection (UDP) backup software.

A Proof of Concept has been released which allows for the retrieval and decryption of credentials on target systems.


Successful exploitation of CVE-2023-26258 would allow threat actors to bypass authentication requirements and attain administrator privileges. This would subsequently allow threat actors to obtain administrator credentials via decryption methods, leading to backup data to be wiped.

Vulnerability Detection

Arcserve has released a security patch relating to the associated affected products. As such, previous versions are vulnerable to potential exploitation.

Affected Products

Unified Data Protection (UDP) backup software versions 7.0 – 9.0.

Containment, Mitigations & Remediations

It is strongly recommended that users apply the relevant security update found within the Arcserve UDP 9.1 release.

Threat Landscape

Arcserve occupies a significant proportion of the back-up software market share. Given that threat actors generally utilise a combination of probability and asset value to determine which attack surfaces to focus on, it is possible that Arcserve products could emerge as a prime target for threat actors. Due to the fact that back-up software is an integral aspect of business affairs, particularly relating to possible ransomware incidents, threat actors will almost certainly continue to exploit vulnerabilities contained within the associated products in an attempt to compromise the integrity of data within target environments.

Threat Group

No attribution to specific threat actors or groups has been identified at the time of writing.

Mitre Methodologies

Credential Access Technique:

T1556 – Modify Authentication Process

Further Information

Arcserve Security Advisory

MDSec Analysis


An Intelligence Terminology Yardstick to showing the likelihood of events