exploitDog

CVE-2023-41999

Опубликовано: 27 нояб. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

An authentication bypass exists in Arcserve UDP prior to version 9.2. An unauthenticated, remote attacker can obtain a valid authentication identifier that allows them to authenticate to the management console and perform tasks that require authentication.

Ссылки

https://www.tenable.com/security/research/tra-2023-37
Exploit
Third Party Advisory
https://www.tenable.com/security/research/tra-2023-37
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:arcserve:udp:*:*:*:*:*:*:*:*

Версия до 9.2 (исключая)

EPSS

Процентиль: 35%

0.00145

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-287

CWE-287

Связанные уязвимости

GHSA-5mpg-rwcj-r8cj

CVSS3: 8.3

github

около 2 лет назад

An authentication bypass exists in Arcserve UDP prior to version 9.2. An unauthenticated, remote attacker can obtain a valid authentication identifier that allows them to authenticate to the management console and perform tasks that require authentication.

EPSS

Процентиль: 35%

0.00145

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-287

CWE-287