CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation
Briefly

CISA has identified a critical security flaw (CVE-2024-48248) in NAKIVO Backup & Replication software, which poses severe risks including unauthorized file reading. The vulnerability affects all versions before 10.11.3.86570 and has a CVSS score of 8.6. Attackers could exploit it to access sensitive data like credentials and configuration files, potentially leading to further exploitation. A proof-of-concept exploit was shared recently by watchTowr Labs. The issue was resolved in update v11.0.0.88174 released in November 2024.
The U.S. Cybersecurity and Infrastructure Security Agency has added a high-severity security flaw impacting NAKIVO Backup & Replication software to its Known Exploited Vulnerabilities catalog.
CISA's advisory highlights how an attacker can exploit an absolute path traversal vulnerability to read sensitive files, including credentials and configuration files.
Read at The Hacker News