exploitDog

CVE-2023-42000

Опубликовано: 27 нояб. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). An unauthenticated remote attacker can exploit it to upload arbitrary files to any location on the file system where the UDP agent is installed.

Ссылки

https://www.tenable.com/security/research/tra-2023-37
Exploit
Third Party Advisory
https://www.tenable.com/security/research/tra-2023-37
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:arcserve:udp:*:*:*:*:*:*:*:*

Версия до 9.2 (исключая)

EPSS

Процентиль: 79%

0.01245

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-22

CWE-22

Связанные уязвимости

GHSA-4xpq-wqf9-p6mv

CVSS3: 6.5

github

около 2 лет назад

Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). An unauthenticated remote attacker can exploit it to upload arbitrary files to any location on the file system where the UDP agent is installed.

EPSS

Процентиль: 79%

0.01245

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-22

CWE-22