{"id":37470,"date":"2025-03-24T00:37:32","date_gmt":"2025-03-23T23:37:32","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=37470"},"modified":"2025-03-24T00:37:32","modified_gmt":"2025-03-23T23:37:32","slug":"cisa-warns-of-nakivo-backup-replication-vulnerability","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2025\/03\/24\/cisa-warns-of-nakivo-backup-replication-vulnerability\/","title":{"rendered":"CISA warns of NAKIVO Backup &#038; Replication vulnerability"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" title=\"Sicherheit (Pexels, allgemeine Nutzung)\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" alt=\"Sicherheit (Pexels, allgemeine Nutzung)\" width=\"200\" align=\"left\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2025\/03\/22\/cisa-warnt-vor-nakivo-backup-replication-schwachstelle\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]Does anyone in the readership use NAKIVO Backup &amp; Replication for data backup? The US Cybersecurity Agency CISA has published a warning regarding a vulnerability in this solution. Administrators should apply the latest security updates.<\/p>\n<p><!--more--><\/p>\n<h2>NAKIVO Backup &amp; Replication<\/h2>\n<p>I had a quick look: NAKIVO Backup &amp; Replication is <a href=\"https:\/\/www.nakivo.com\/\" target=\"_blank\" rel=\"noopener\">offered<\/a> in various countries, including Germany. 
It is a backup solution that supports platforms such as Windows, Linux and Amazon EC2 as well as virtualization environments such as VMware, Proxmox, Hyper-V and Nutanix.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/i.postimg.cc\/mDDgktZV\/image.png\" alt=\"NAKIVO Backup &amp; Replication\" width=\"640\" height=\"385\" \/><\/p>\n<p>NAKIVO seems to be an alternative to Veeam. The solution for backup and replication is faster, cheaper and more reliable than Veeam. NAKIVO has a global network of over 8,000 partners and over 30,000 active customers in 183 countries. Companies such as Honda, Cisco, Coca-Cola and Siemens use this software internally.<\/p>\n<h2>Vulnerability CVE-2024-48248 is actively exploited<\/h2>\n<p>The entry <a title=\"CVE-2024-48248\" href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2024-48248\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2024-48248<\/a> <em>NAKIVO Backup and Replication Absolute Path Traversal Vulnerability<\/em> was added to the <a href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2025\/03\/19\/cisa-adds-three-known-exploited-vulnerabilities-catalog\" target=\"_blank\" rel=\"noopener\">Known Exploited Vulnerabilities Catalog<\/a> on March 19, 2025. An entry in this catalog means that the vulnerability is being actively exploited in the wild by attackers.<\/p>\n<h3>Details about CVE-2024-48248<\/h3>\n<p>NAKIVO Backup &amp; Replication prior to version 11.0.0.88174 allows absolute path traversal for reading files via <em>getImageByPath<\/em> to <em>\/c\/router<\/em>. 
This can lead to remote code execution across the organization, because PhysicalDiscovery stores credentials in clear text.<\/p>\n<p>watchTowr Labs disclosed the vulnerability in <a href=\"https:\/\/labs.watchtowr.com\/the-best-security-is-when-we-all-agree-to-keep-everything-secret-except-the-secrets-nakivo-backup-replication-cve-2024-48248\/\" target=\"_blank\" rel=\"noopener\">this post<\/a> at the end of February 2025. NAKIVO had already patched the vulnerability as of November 4, 2024 in version 11.0 (see\u00a0<a href=\"https:\/\/helpcenter.nakivo.com\/Release-Notes\/Content\/Release-Notes.htm\" target=\"_blank\" rel=\"noopener\">here<\/a>).<\/p>\n<h3>CISA warning<\/h3>\n<p>The colleagues from Bleeping Computer have taken up the CISA warning in <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-tags-nakivo-backup-flaw-as-actively-exploited-in-attacks\/\" target=\"_blank\" rel=\"noopener\">this article<\/a>. CISA has warned US federal agencies to secure their networks against attacks that exploit the CVE-2024-48248 vulnerability in NAKIVO's backup &amp; replication software.<\/p>\n<p>US Federal Civilian Executive Branch (FCEB) agencies now have three weeks, until April 9, to secure their systems against attacks. Does anyone in the readership use this software, and is it updated?<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Does anyone in the readership use NAKIVO Backup &amp; Replication for data backup? The US Cybersecurity Agency CISA has published a warning regarding a vulnerability in this solution. 
Administrators should apply the latest security updates.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547],"tags":[69,1544],"class_list":["post-37470","post","type-post","status-publish","format-standard","hentry","category-security","category-software","tag-security","tag-software"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/37470","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=37470"}],"version-history":[{"count":1,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/37470\/revisions"}],"predecessor-version":[{"id":37471,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/37470\/revisions\/37471"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=37470"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=37470"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=37470"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}