"New Arcserve UDP Auth Bypass Vulnerability Exploit and PoC Published"
Arcserve has addressed a high-severity security flaw in its Unified Data Protection (UDP) backup software that allows attackers to bypass authentication and gain admin privileges. The vulnerability, tracked as CVE-2023-26258, was discovered by security researchers and enables attackers on the local network to access the UDP admin interface by capturing SOAP requests containing AuthUUIDs to obtain valid administrator sessions. Arcserve has released UDP 9.1 to fix the vulnerability and recommends all users upgrade to this version. The flaw could potentially be used by threat actors to destroy data in ransomware attacks.