CISA has warned U.S. federal agencies to secure their networks against attacks exploiting a high-severity vulnerability in NAKIVO’s Backup & Replication software.
Tracked as CVE-2024-48248, this absolute path traversal flaw can be exploited by unauthenticated attackers to read arbitrary files on vulnerable devices.
The US-based backup and ransomware recovery software vendor silently patched the security flaw with the release of Backup & Replication v11.0.0.88174 in November, almost two months after being notified of the issue by cybersecurity company watchTowr, who discovered the vulnerability.
“Exploiting this vulnerability could expose sensitive data, including configuration files, backups, and credentials, potentially leading to data breaches or further security compromises,” NAKIVO explains.
“The possibilities are extensive depending on what’s been integrated, and goes beyond merely stealing backups — to essentially unlocking entire infrastructure environments,” watchTowr added.
In February, watchTowr also released a CVE-2024-48248 proof-of-concept described as a “detection artifact generator” that can also serve as “an unofficial NAKIVO customer support tool.”
While NAKIVO did not mark the vulnerability as actively exploited in a security advisory last updated on March 6th, the company still advises customers to check the system logs for signs of “unauthorized access attempts” and “unexpected file access activities.”
Tagged as actively exploited in attacks
Today, CISA added CVE-2024-48248 to its Known Exploited Vulnerabilities catalog, which lists security bugs flagged by the cybersecurity agency as exploited in the wild.
Federal Civilian Executive Branch (FCEB) agencies now have three weeks, until April 9th, to secure their systems against attacks, as mandated by the Binding Operational Directive (BOD) 22-01 issued in November 2021.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA said.
While BOD 22-01 only applies to federal agencies, all organizations are advised to prioritize patching this vulnerability as soon as possible to block ongoing attacks.
NAKIVO has a network of over 8,000 partners worldwide and over 30,000 active customers in 183 countries, including high-profile companies like Honda, Cisco, Coca-Cola, and Siemens.
Based on an analysis of 14M malicious actions, discover the top 10 MITRE ATT&CK techniques behind 93% of attacks and how to defend against them.
