Warning: RCE Vulnerability In Nakivo Backup & Replication, Patch Immediately!

Published: 07/03/2025

Reference:
Advisory #2025-51

Version:
1.0

Affected software:
NAKIVO Backup and Replication (before v11.0)

Type:
Arbitrary File Read vulnerability

CVE/CVSS:
CVE-2024-48248: CVSS 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)

Sources

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48248

Risks

An unauthenticated Arbitrary File Read vulnerability has been identified in NAKIVO Backup & Replication.

Backup solutions like NAKIVO are prime targets for ransomware attackers, because corrupting or deleting backup data disrupts an organization's ability to recover. This vulnerability poses a significant risk to the confidentiality, integrity, and availability of an organization's data: unauthorized access to sensitive files, including configuration files and backup data, can lead to data breaches and operational disruptions.

Immediate action is recommended: update to the latest software version to mitigate this risk.
Description

CVE-2024-48248: NAKIVO Backup & Replication (Unauthenticated Arbitrary File Read)

The vulnerability allows absolute path traversal for reading files via the getImageByPath action of the /c/router endpoint (this may lead to remote code execution across the enterprise). Attackers can exploit it by sending crafted HTTP requests. The vulnerability is critical because it potentially enables attackers to exfiltrate sensitive data, leading to unauthorized access to backup data and other critical information.

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing. Please install v11.0.0.88174 or above, where the vulnerability has been patched.

Strengthen Network Security

Ensure that backup solutions are isolated from general network access and only accessible by authorized personnel. Avoid exposing your backup instances to the public internet. Implement VPNs to provide secure remote access for authorized users with MFA enabled.

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
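As an added illustration of the monitoring this advisory calls for (example code, not part of the CCB advisory or of NAKIVO's product), the triage below flags HTTP requests to the /c/router endpoint that name getImageByPath together with an absolute filesystem path, and marks the same endpoint/action reached from outside the management network for review. The record field names, the JSON body layout, the trusted network and all sample records are assumptions constructed for the example.

```python
import ipaddress
import re

# Assumed names for the fields of whatever proxy/WAF export is fed in.
ROUTER_PATH = "/c/router"
ACTION = "getImageByPath"
# Management network from which console access is expected (assumed value).
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/24")]
# A quoted absolute path: Unix root-anchored or Windows drive-anchored.
ABS_PATH_RE = re.compile(r'"(?:/[^"\s]+|[A-Za-z]:\\[^"\s]+)"')


def classify(request: dict) -> str:
    """Return 'clean', 'review' or 'alert' for one HTTP request record.

    alert  : /c/router call naming getImageByPath with an absolute path in
             the body, the pattern CVE-2024-48248 abuses (any source).
    review : same endpoint/action from outside TRUSTED_NETS, even without an
             absolute path, since the console should not be reachable there.
    """
    path = request.get("path", "").split("?", 1)[0]
    if path != ROUTER_PATH:
        return "clean"
    body = request.get("body", "")
    if ACTION not in body:
        return "clean"
    if ABS_PATH_RE.search(body):
        return "alert"
    client = ipaddress.ip_address(request.get("client", "0.0.0.0"))
    if not any(client in net for net in TRUSTED_NETS):
        return "review"
    return "clean"


def triage(records) -> dict:
    """Count verdicts over a batch of request records."""
    counts = {"clean": 0, "review": 0, "alert": 0}
    for rec in records:
        counts[classify(rec)] += 1
    return counts


# Constructed sample records (not captured traffic; the body format is assumed).
SAMPLE = [
    {"client": "10.0.0.5", "path": "/c/router", "body": '{"method":"listJobs"}'},
    {"client": "10.0.0.5", "path": "/c/login", "body": '{"method":"getImageByPath","data":["logo.png"]}'},
    {"client": "203.0.113.9", "path": "/c/router", "body": '{"method":"getImageByPath","data":["logo.png"]}'},
    {"client": "198.51.100.4", "path": "/c/router", "body": '{"method":"getImageByPath","data":["/var/lib/example/config.xml"]}'},
    {"client": "10.0.0.5", "path": "/c/router", "body": '{"method":"getImageByPath","data":["C:\\\\example\\\\backup.cfg"]}'},
]

if __name__ == "__main__":
    for rec in SAMPLE:
        print(classify(rec), rec["client"], rec["path"])
    print(triage(SAMPLE))  # {'clean': 2, 'review': 1, 'alert': 2}
```

Any "alert" on an unpatched instance warrants treating the host as potentially compromised, since patching alone does not remediate historic compromise.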

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References