The vulnerability, tracked as CVE-2024-48248, allows unauthenticated attackers to read arbitrary files from systems running vulnerable versions of NAKIVO Backup & Replication. In version 10.11.3.86570 and earlier, the flaw is classified as an absolute path traversal vulnerability (CWE-36). The vulnerable request returns the content of the specified file encoded as an array of decimal ASCII values, allowing attackers to read sensitive system files without any credentials.

“This unauthenticated arbitrary file read vulnerability essentially provides attackers with the ability to access any file on the target system, including critical configuration files and credentials,” explained security researchers at watchTowr Labs.

The vulnerability can be leveraged to extract database credentials, AWS keys, SSH credentials, and other sensitive information used by the backup solution to connect to various systems.

Risk factors and details:
Affected Products: NAKIVO Backup & Replication versions 10.11.3.86570 and earlier
Impact: Arbitrary file read, exposure of sensitive data, remote code execution
Exploit Prerequisites: Network access to the NAKIVO Backup & Replication application

“As we’ve seen in numerous incidents, ransomware gangs tend to prefer situations in which they get paid and typically go that extra mile to ensure their victims can’t simply roll their systems back, including nuking and destroying any in-place backup mechanisms,” noted watchTowr researchers.
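To make the CWE-36 pattern and the decimal-ASCII response format concrete, here is an added, self-contained example. It is not NAKIVO's code and does not reproduce the real endpoint, which the article does not show; the handler names, the allowed base directory and the sample files are assumptions. It places a hypothetical file-read handler that accepts any caller-supplied path beside a hardened version that confines reads to one directory, and includes a decoder for the array-of-decimal-bytes encoding the article describes.

```python
"""
Added illustrative example (not NAKIVO's code). Demonstrates:
  * absolute path traversal (CWE-36): a handler that opens whatever path
    the client sends, absolute paths included;
  * a hardened handler that refuses absolute paths and any resolved
    location outside an allowed base directory;
  * decoding a file returned as an array of decimal ASCII values.
Function names, directories and file contents are assumptions.
"""
import os
import tempfile


def read_file_vulnerable(path: str) -> list[int]:
    """Hypothetical vulnerable handler: no confinement at all.
    Returns the file as decimal byte values, like the response described."""
    with open(path, "rb") as f:
        return list(f.read())


def read_file_hardened(base_dir: str, path: str) -> list[int]:
    """Confine the read to base_dir: reject absolute paths, then resolve
    symlinks and '..' and require the result to stay under base_dir."""
    if os.path.isabs(path):
        raise ValueError("absolute paths are not allowed")
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, path))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes the allowed directory")
    with open(target, "rb") as f:
        return list(f.read())


def decode_decimal_ascii(values: list[int]) -> str:
    """Turn an array of decimal byte values back into readable text."""
    return bytes(values).decode("utf-8", errors="replace")


def demo() -> dict:
    """Constructed scenario: a configuration file with a sample credential
    sits outside the directory the handler is meant to serve from."""
    root = tempfile.mkdtemp()
    allowed = os.path.join(root, "images")
    os.makedirs(allowed)
    with open(os.path.join(allowed, "logo.txt"), "w") as f:
        f.write("logo")
    secret = os.path.join(root, "config.properties")
    with open(secret, "w") as f:
        f.write("db.password=hunter2\n")  # constructed sample, not a real secret

    results = {}
    # Vulnerable handler: an absolute path to the secret is read and
    # handed back as decimal bytes, which the client simply decodes.
    results["vulnerable_leak"] = decode_decimal_ascii(read_file_vulnerable(secret))

    # Hardened handler: the same absolute path is refused outright.
    try:
        read_file_hardened(allowed, secret)
        results["hardened_abs"] = "allowed"
    except ValueError as e:
        results["hardened_abs"] = str(e)

    # Hardened handler: relative traversal with '..' is refused as well.
    try:
        read_file_hardened(allowed, "../config.properties")
        results["hardened_rel"] = "allowed"
    except ValueError as e:
        results["hardened_rel"] = str(e)

    # Hardened handler: a legitimate file inside the directory still works.
    results["hardened_ok"] = decode_decimal_ascii(read_file_hardened(allowed, "logo.txt"))
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The hardened version checks the path twice on purpose: the `isabs` test rejects the CWE-36 case directly, and the `realpath` plus `commonpath` comparison catches `..` sequences and symlinks that would otherwise resolve outside the allowed directory.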
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 20 Mar 2025 11:05:06 +0000