Lucene search

K
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.ARCSERVE_UDP_CVE-2024-0799.NBIN
HistoryMar 19, 2024 - 12:00 a.m.

Arcserve UDP Console Authentication Bypass (CVE-2024-0799)

2024-03-1900:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
arcserve
authentication bypass
cve-2024-0799
console
scanner

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

8.8%

The Arcserve Unified Data Protection (UDP) Console running on the remote host is affected by an authentication bypass vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to login to the application.

Binary data arcserve_udp_cve-2024-0799.nbin
VendorProductVersionCPE
arcserveudpcpe:/a:arcserve:udp

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

8.8%

Related for ARCSERVE_UDP_CVE-2024-0799.NBIN