Exploit discovered for Arcserve security flaw

Target Industry

Indiscriminate, opportunistic targeting.

Overview

Arcserve has disclosed a high-severity authentication bypass flaw, tracked as CVE-2023-26258. The flaw affects Arcserve's backup and ransomware-protection product, the Unified Data Protection (UDP) backup software.

A Proof of Concept has been released which allows for the retrieval and decryption of credentials on target systems.

Impact

Successful exploitation of CVE-2023-26258 would allow threat actors to bypass authentication requirements and attain administrator privileges. This would subsequently allow threat actors to obtain administrator credentials via decryption methods, which could in turn be used to wipe backup data.

Vulnerability Detection

Arcserve has released a security patch for the affected products; versions prior to the patched release remain vulnerable to exploitation.

Affected Products

Unified Data Protection (UDP) backup software versions 7.0 – 9.0.

Containment, Mitigations & Remediations

It is strongly recommended that users apply the relevant security update found within the Arcserve UDP 9.1 release.
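The Affected Products and remediation guidance above reduce to a version check: anything from UDP 7.0 up to and including 9.0.x is in scope, and 9.1 carries the fix. The following is an added example, not code from the bulletin or from Arcserve, that triages a constructed asset inventory against that range. The version-string format ("major.minor[.build]", optional leading "v") and the inventory records are assumptions; versions older than 7.0 are reported as "unlisted" rather than "safe" because the bulletin does not cover them.

```python
# Added example: flag inventory entries whose Arcserve UDP version falls in the
# affected range (7.0 - 9.0 per the bulletin; fixed in 9.1). Version-string
# format and the inventory records below are assumptions/constructed samples.

AFFECTED_MIN = (7, 0)   # inclusive lower bound, per bulletin
PATCHED = (9, 1)        # first release carrying the fix, per bulletin


def parse_version(text: str) -> tuple:
    """Turn '9.0.6034' or 'v9.1' into a comparable tuple of ints.

    Raises ValueError for anything that is not dotted integers, so that
    junk values ('latest', '') are surfaced instead of silently passing.
    """
    cleaned = text.strip().lstrip("vV")
    parts = cleaned.split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def classify(version: str) -> str:
    """Classify a UDP version string relative to the bulletin's range.

    'affected'  -> 7.0 <= major.minor < 9.1 (i.e. 7.0 through 9.0.x)
    'patched'   -> 9.1 or later
    'unlisted'  -> older than 7.0; not in the bulletin, verify with the vendor
    'unknown'   -> version string could not be parsed
    """
    try:
        major_minor = parse_version(version)[:2]
    except ValueError:
        return "unknown"
    if major_minor >= PATCHED:
        return "patched"
    if major_minor >= AFFECTED_MIN:
        return "affected"
    return "unlisted"


# Constructed sample inventory records (hostnames and versions are made up).
INVENTORY = [
    {"host": "bkp-01", "product": "Arcserve UDP", "version": "9.0.6034"},
    {"host": "bkp-02", "product": "Arcserve UDP", "version": "v9.1"},
    {"host": "bkp-03", "product": "Arcserve UDP", "version": "8.1.1234"},
    {"host": "bkp-04", "product": "Arcserve UDP", "version": "6.5"},
    {"host": "bkp-05", "product": "Arcserve UDP", "version": "latest"},
    {"host": "web-01", "product": "nginx", "version": "1.24.0"},
]


def triage(inventory: list) -> dict:
    """Map each Arcserve UDP host to its classification; other products are ignored."""
    return {
        rec["host"]: classify(rec["version"])
        for rec in inventory
        if rec.get("product") == "Arcserve UDP"
    }


if __name__ == "__main__":
    for host, status in sorted(triage(INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as "affected" should be scheduled for the UDP 9.1 update; "unknown" entries need their version re-collected before they can be cleared, since an unparseable value is not evidence of a patched install.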

Threat Landscape

Arcserve holds a significant share of the backup software market. Threat actors generally weigh the likelihood of success against asset value when choosing which attack surfaces to focus on, so it is possible that Arcserve products could emerge as a prime target. Because backup software is integral to business operations, and in particular to recovery from ransomware incidents, threat actors will almost certainly continue to exploit vulnerabilities in these products in an attempt to compromise the integrity of data within target environments.

Threat Group

No attribution to specific threat actors or groups has been identified at the time of writing.

Mitre Methodologies

Credential Access Technique:

T1556 – Modify Authentication Process

Further Information

Arcserve Security Advisory

MDSec Analysis
