
Exploitation of NAKIVO Backup & Replication vulnerability by attackers (CVE-2024-48248)


A recently discovered vulnerability in NAKIVO Backup & Replication, CVE-2024-48248, is being actively exploited by unknown threat actors. The US Cybersecurity and Infrastructure Security Agency (CISA) has flagged the flaw and added it to its Known Exploited Vulnerabilities catalog. NAKIVO Backup & Replication is a backup, ransomware protection, and disaster recovery solution used by organizations of all sizes and by managed service providers (MSPs).

CVE-2024-48248 is categorized as an absolute path traversal vulnerability that could allow remote, unauthenticated attackers to gain access to sensitive data on the targeted system. This includes the ability to read crucial files such as configuration files, backups, and credentials, possibly resulting in data breaches or further security compromises. The severity of this flaw prompted the company to take immediate action upon its discovery in September 2024.

NAKIVO was made aware of the vulnerability by watchTowr researchers, who reported it to the company for mitigation. NAKIVO subsequently released a patch in version 11.0.0.88174 of the solution. However, the release notes initially did not mention the fix, which may have left users unsure how urgently they needed to update. Only a later, updated document made clear that the release included the vulnerability fix.

In response to the ongoing exploitation of CVE-2024-48248, CISA warned users to upgrade to the latest version of NAKIVO Backup & Replication (11.0.0.88174 or newer) to safeguard their systems against potential attacks. Users were also advised to monitor system logs for unusual or unauthorized access attempts that may indicate exploitation.

Following the initial fix, NAKIVO has released subsequent versions of the software to address additional critical vulnerabilities. The most recent update, version 11.0.2, includes a patch for an XML External Entity flaw discovered in the previous version, 11.0.1.89945. This vulnerability could also allow threat actors to retrieve arbitrary files from the targeted system, potentially leading to data leakage and unauthorized system access, and jeopardizing backup and replication processes.

Users are strongly urged to upgrade to the latest version, 11.0.2, to mitigate the risks associated with these vulnerabilities. Failure to do so could leave systems exposed to exploitation and compromise, posing a significant threat to the security and integrity of data stored within NAKIVO Backup & Replication. As cyber threats continue to evolve and target critical infrastructure, organizations need to prioritize regular software updates and security best practices.

