nvd-json-data-feeds/CVE-2023/CVE-2023-419xx/CVE-2023-41999.json

{
  "id": "CVE-2023-41999",
  "sourceIdentifier": "vulnreport@tenable.com",
  "published": "2023-11-27T17:15:07.980",
  "lastModified": "2024-01-10T23:15:08.663",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "An authentication bypass exists in Arcserve UDP prior to version 9.2. An unauthenticated, remote attacker can obtain a valid authentication identifier that allows them to authenticate to the management console and perform tasks that require authentication."
    },
    {
      "lang": "es",
      "value": "Existe una omisi\u00f3n de autenticaci\u00f3n en Arcserve UDP antes de la versi\u00f3n 9.2. Un atacante remoto no autenticado puede obtener un identificador de autenticaci\u00f3n v\u00e1lido que le permita autenticarse en la consola de administraci\u00f3n y realizar tareas que requieran autenticaci\u00f3n."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      },
      {
        "source": "vulnreport@tenable.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ]
    },
    {
      "source": "vulnreport@tenable.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:arcserve:udp:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "9.2",
              "matchCriteriaId": "DD913BA7-A48E-4406-93FB-4BD86BCD519E"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.tenable.com/security/research/tra-2023-37",
      "source": "vulnreport@tenable.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    }
  ]
}