CVE-2024-0799

CVE-2024-0799 is a critical security vulnerability identified in the software design and implementation of Arcserve's Unified Data Protection (UDP) solution, a widely used enterprise backup and disaster recovery system. This flaw could potentially allow an attacker to upload malicious files to the underlying Windows system. The vulnerability was one among three discovered vulnerabilities (CVE-2024-0799, CVE-2024-0800, CVE-2024-0801), all of which posed serious threats to the integrity and security of data managed by the UDP solution. Arcserve promptly addressed these security vulnerabilities, with fixes being applied particularly for CVE-2024-0799 and CVE-2024-0800, as reported on March 14, 2024. These patches prevent the chaining of these vulnerabilities to compromise the system. By doing so, they have mitigated the risk of unauthorized file uploads that could jeopardize the security of the Windows system running the UDP solution. Despite the prompt response from Arcserve, the publication of Proof of Concept (PoC) for these vulnerabilities (CVE-2024-0799, CVE-2024-0800) has raised concerns. The dissemination of this information might equip potential attackers with knowledge on exploiting these vulnerabilities. Therefore, it is of utmost importance for all users of Arcserve UDP solution to apply the provided patches immediately to ensure their systems are secure against these vulnerabilities.