CVE-2024-48248
CVE-2024-48248
In short
NAKIVO Backup & Replication versions before 11.0.0.88174 allow attackers to read any file on the system by bypassing directory restrictions, potentially exposing sensitive credentials that could lead to unauthorized access across the entire organization.
Technical detail
The vulnerability exploits path traversal in the getImageByPath function accessible via /c/router endpoint, enabling unauthenticated file disclosure. PhysicalDiscovery component stores cleartext credentials, which when exposed can be leveraged for lateral movement and remote code execution across enterprise infrastructure.
Summary generated and translated by AI from the official description.
NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router (this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Affected products
NAKIVO · Backup & Replication Directorpublic PoCs found — 2
githubgithub.com/watchtowrlabs/nakivo-arbitrary-file-read-poc-CVE-2024-48248★ 3cve_referencegithub.com/watchtowrlabs/nakivo-arbitrary-file-read-poc-CVE-2024-48248/?ref=labs.watchtowr.comunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://github.com/watchtowrlabs/nakivo-arbitrary-file-read-poc-CVE-2024-48248/?ref=labs.watchtowr.comhttps://helpcenter.nakivo.com/Release-Notes/Content/Release-Notes.htmhttps://labs.watchtowr.com/the-best-security-is-when-we-all-agree-to-keep-everything-secret-except-the-secrets-nakivo-backup-replication-cve-2024-48248/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-48248