CVE-2023-42000
Published 2023-11-27
Priority: P2 · 65
Severity: critical, 9.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.47% (70.5th percentile)
Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). An unauthenticated remote attacker can exploit it to upload arbitrary files to any location on the file system where the UDP agent is installed.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arcserve | arcserve_udp | < 9.2 | 9.2 |
| arcserve | udp | < 9.2 | 9.2 |
Detection & IOCs (extracted from sources)
- Detect unauthenticated multipart file upload POST requests to /fileHandling?action=upload on port 8014, especially those containing path traversal sequences (e.g., /../ or ../) in the filename field of the multipart form data.
- Monitor for requests to the FileHandlingServlet endpoint (com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload()) that arrive without authentication headers or session tokens, since the vulnerability is exploitable by unauthenticated remote attackers.
- Alert on file creation events in sensitive directories (e.g., Windows/System32) by the Arcserve UDP agent process, which may indicate successful path traversal exploitation.
- The vulnerability affects Arcserve UDP prior to version 9.2; patched versions (UDP 7.0u2, 8.1, 9.1 with their respective patches, and 9.2+) are not vulnerable. Ensure version checks in detection rules account for patched builds.
- The UDP agent listens on port 8014 (HTTPS); network-level detections should target this specific port and protocol combination to avoid false positives on other services.
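The detection points above, turned into a small request classifier as an added example (not code from the original page or from Arcserve). The endpoint path, port and traversal patterns come from the bullets; the request fields, the `authenticated` flag and the multipart sample bodies are constructed assumptions.

```python
import re
from typing import Optional
from urllib.parse import unquote

# Constructed sample multipart bodies (not real captures).
TRAVERSAL_BODY = (
    "--boundary\r\n"
    'Content-Disposition: form-data; name="file"; filename="..\\..\\..\\Windows\\System32\\dropped.txt"\r\n'
    "\r\n"
    "constructed sample content\r\n"
    "--boundary--\r\n"
)
BENIGN_BODY = (
    "--boundary\r\n"
    'Content-Disposition: form-data; name="file"; filename="backup.cfg"\r\n'
    "\r\n"
    "constructed sample content\r\n"
    "--boundary--\r\n"
)

# A ".." segment delimited by a slash or backslash (or the string edges).
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")
# filename="..." inside Content-Disposition headers.
FILENAME = re.compile(r'filename="([^"]*)"', re.IGNORECASE)


def multipart_filenames(body: str) -> list[str]:
    """Return every filename value in the body, percent-decoded so that
    encoded traversal sequences (e.g. %2e%2e) are not missed."""
    return [unquote(name) for name in FILENAME.findall(body)]


def classify_upload(method: str, port: int, path: str, body: str,
                    authenticated: bool) -> Optional[str]:
    """Return a finding for requests matching the CVE-2023-42000 pattern.

    Only POSTs to /fileHandling?action=upload on port 8014 are considered;
    a traversing filename is the strongest signal, an unauthenticated upload
    to that endpoint is reported on its own (assumed flag, see lead-in).
    """
    if method.upper() != "POST" or port != 8014:
        return None
    if not path.startswith("/fileHandling") or "action=upload" not in path:
        return None
    traversing = [n for n in multipart_filenames(body) if TRAVERSAL.search(n)]
    if traversing:
        return f"path traversal in upload filename: {traversing}"
    if not authenticated:
        return "unauthenticated upload to FileHandlingServlet"
    return None
```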
No detection rules found.
No public exploits indexed.