<h1>CISA marks NAKIVO’s critical backup vulnerability as actively exploited</h1>
<p>Published 2025-03-21 at <a href="https://cybersecurityinfocus.com/?p=2449">cybersecurityinfocus.com</a>.</p>
<p>The Cybersecurity and Infrastructure Security Agency (CISA) has added a patched, high-severity vulnerability in NAKIVO’s backup and replication software to its Known Exploited Vulnerabilities (KEV) catalog.</p>
<p>The flaw, tracked as <a href="https://nvd.nist.gov/vuln/detail/CVE-2024-48248">CVE-2024-48248</a>, is a path traversal issue rated high severity with a CVSS score of 8.6 out of 10; NAKIVO marked it “critical” in its security advisory.</p>
<p>“This vulnerability allows attackers to read arbitrary files on the affected system without authentication,” NAKIVO said <a href="https://helpcenter.nakivo.com/Knowledge-Base/Content/Security-Advisory/CVE-2024-48248.htm">in the advisory</a>. “Exploiting this vulnerability could expose sensitive data, including configuration files, backups, and credentials, potentially leading to data breaches or further security compromises.”</p>
<p>The backup vendor fixed the issue in the release of <a href="https://helpcenter.nakivo.com/Release-Notes/Content/v11-Release-Notes/v11.0-Release-Notes.htm">Backup &amp; Replication v11.0.0.88174</a>.</p>
<h2 class="wp-block-heading">Flaw likely exploited as an N-day</h2>
<p>The flaw was most likely exploited as an N-day, after a patch was already available: the vendor advisory, last updated on March 6, did not mark it as actively exploited.</p>
<p>The vulnerability was first identified and reported to NAKIVO by the cybersecurity firm watchTowr on September 13, 2024. According to watchTowr’s blog post, NAKIVO took over a month to acknowledge the report by email and then “silently” patched the vulnerability on November 4, 2024.</p>
<p>The in-the-wild exploitation tagged by CISA follows watchTowr’s public disclosure of the vulnerability, together with a proof-of-concept (PoC) exploit, in February 2024. While it is hard to tell whether threat actors used watchTowr’s PoC in these attacks, the firm appears to have been aware of the risks involved in disclosure.</p>
<p>“As an industry, we believe that we’ve come to a common consensus after 25 years of circular debates – disclosure is terrible, information is actually dangerous, it’s best that it’s not shared, and the only way to really ensure that no one ever uses information in a way that you don’t like (this part is key) is to make up terms for your way of doing things,” watchTowr said in the <a href="https://labs.watchtowr.com/the-best-security-is-when-we-all-agree-to-keep-everything-secret-except-the-secrets-nakivo-backup-replication-cve-2024-48248/">blog post</a>.</p>
<p>Notably, a day after the CISA alert, watchTowr disclosed another critical <a href="https://www.csoonline.com/article/3850731/critical-remote-code-execution-flaw-patched-in-veeam-backup-servers.html">vulnerability in Veeam backup servers</a> that allowed remote code execution.</p>
<h2 class="wp-block-heading">CISOs advised to push for immediate patching</h2>
<p>CISA has advised immediate patching of the flaw across federal and civilian systems. For Federal Civilian Executive Branch (FCEB) agencies, the US cybersecurity agency has set a remediation deadline of April 19, 2025, in accordance with the <a href="https://www.csoonline.com/article/571567/cisa-releases-directive-to-remediate-dangerous-vulnerabilities-across-civilian-agencies.html">BOD 22-01</a> directive.</p>
<p>“Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable,” CISA said in the <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">KEV update</a>. Although NAKIVO’s advisory does not mention in-the-wild activity, the vendor clearly urged admins to upgrade to the fixed version immediately. Beyond patching, the advisory recommends reviewing access logs and hardening the network through segmentation and firewalling as additional mitigations.</p>