Full Report
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting NAKIVO Backup & Replication software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2024-48248 (CVSS score: 8.6), an absolute path traversal bug that could allow an unauthenticated attacker to
Analysis Summary
# Vulnerability: NAKIVO Backup & Replication Absolute Path Traversal Leading to Arbitrary File Read
## CVE Details
- CVE ID: CVE-2024-48248
- CVSS Score: 8.6 (High)
- CWE: Path Traversal (Implied: CWE-22 Absolute Path Traversal)
## Affected Systems
- Products: NAKIVO Backup & Replication software
- Versions: All versions before the fixed release v11.0.0.88174 (the source text names builds before 10.11.3.86570 as affected; the fix version defines the upper bound of the vulnerable range).
- Configurations: Unspecified; the flaw is reachable over the network via unauthenticated requests.
## Vulnerability Description
The vulnerability is an absolute path traversal bug within NAKIVO Backup & Replication. This flaw allows an unauthenticated attacker to read arbitrary files on the target host by accessing the endpoint `/c/router`. Successful exploitation can lead to the leakage of sensitive data, including configuration files, backup data, and system credentials stored in the embedded H2 database file (`product01.h2.db`).
## Exploitation
- Status: Actively exploited in the wild (added to the CISA KEV catalog); a public PoC is available.
- Complexity: Low (implied by unauthenticated access and the severity rating).
- Attack Vector: Network
## Impact
- Confidentiality: High (Allows reading arbitrary files, including credentials and sensitive data).
- Integrity: Low (Primarily a read vulnerability, though data exposure can facilitate further integrity attacks).
- Availability: Low (No immediate impact on service availability is stated).
## Remediation
### Patches
- NAKIVO released fixes in **version v11.0.0.88174** (as of November 2024).
### Workarounds
- No specific workarounds were detailed in the provided text; immediate patching is mandated for Federal Civilian Executive Branch (FCEB) agencies.
## Detection
- **Indicators of Compromise (IOCs):** Network requests to the vulnerable endpoint `/c/router` whose parameters carry path traversal sequences (`../`, etc.) or absolute file paths aimed at system files (e.g., `/etc/shadow`) or the embedded database file (`product01.h2.db`).
- **Detection Methods and Tools:** Monitor web server access logs and WAF logs for unusual access patterns to the NAKIVO application endpoints, specifically attempts to read configuration or credential files via the path traversal vector.
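The log-review method described above, as an added example that is not part of the original advisory and not code from NAKIVO, CISA or the PoC repository: a small Python scanner that reads combined-format web access log lines, keeps only requests to `/c/router`, percent-decodes each query parameter (repeatedly, so double-encoded payloads are not missed) and flags relative traversal sequences, absolute paths, and the sensitive file names the advisory mentions. The sample log lines and the query parameter name `file` are constructed placeholders; the real request shape is not given on this page, and POST bodies are not visible in access logs at all, so full coverage needs WAF or request-body logging.

```python
import re
from urllib.parse import unquote, urlsplit, parse_qsl

ROUTER_PATH = "/c/router"
# Relative traversal (../ or ..\) and absolute-path prefixes (/ or C:\).
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")
ABSOLUTE_RE = re.compile(r"^(?:/|[A-Za-z]:[\\/])")
# File names named in the advisory as exploitation targets.
SENSITIVE_NAMES = ("/etc/shadow", "/etc/passwd", "product01.h2.db")

# Combined log format: ip ident user [time] "METHOD target proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines (not real traffic); "file" is a placeholder
# parameter name, not the actual request shape used against /c/router.
SAMPLE_LOG = """\
203.0.113.7 - - [19/Mar/2025:10:01:12 +0000] "GET /c/router?file=..%2F..%2F..%2Fetc%2Fshadow HTTP/1.1" 200 1184 "-" "curl/8.4.0"
203.0.113.7 - - [19/Mar/2025:10:01:15 +0000] "GET /c/router?file=%2Fetc%2Fpasswd HTTP/1.1" 200 2301 "-" "curl/8.4.0"
198.51.100.4 - - [19/Mar/2025:10:02:40 +0000] "GET /c/router?file=..%2F..%2Fproduct01.h2.db HTTP/1.1" 200 9912 "-" "python-requests/2.31"
192.0.2.10 - - [19/Mar/2025:10:03:01 +0000] "POST /c/router HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.10 - - [19/Mar/2025:10:03:05 +0000] "GET /static/app.js HTTP/1.1" 200 77001 "-" "Mozilla/5.0"
"""


def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded sequences (..%252F) are seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_target(target):
    """Return the reasons a request target looks like traversal against /c/router.

    An empty list means the request is not to /c/router or shows no
    traversal indicators in its query string.
    """
    parts = urlsplit(target)
    if decode_fully(parts.path) != ROUTER_PATH:
        return []
    reasons = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        v = decode_fully(value)
        if TRAVERSAL_RE.search(v):
            reasons.append(f"relative traversal in parameter {name!r}")
        elif ABSOLUTE_RE.match(v):
            reasons.append(f"absolute path in parameter {name!r}")
        normalized = v.replace("\\", "/").lower()
        if any(s in normalized for s in SENSITIVE_NAMES):
            reasons.append(f"sensitive file name in parameter {name!r}")
    return reasons


def scan_log(text):
    """Scan access-log text; return one finding per suspicious /c/router request."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        reasons = classify_target(m.group("target"))
        if reasons:
            findings.append({
                "ip": m.group("ip"),
                "timestamp": m.group("ts"),
                "method": m.group("method"),
                "status": int(m.group("status")),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['timestamp']} {f['ip']} {f['method']} status={f['status']}: "
              + "; ".join(f["reasons"]))
```

A 200 status on a flagged request is worth treating as a confirmed read rather than a probe, since the advisory describes the flaw as returning file contents to an unauthenticated caller; the plain `POST /c/router` line is deliberately left unflagged, because nothing in an access log distinguishes it from legitimate application traffic.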
## References
- Vendor Advisory (Fixed in v11.0.0.88174): helpcenter[dot]nakivo[dot]com/Release-Notes/Content/v11-Release-Notes/v11.0-Release-Notes[dot]htm
- CISA KEV Catalog Addition: cisa[dot]gov/news-events/alerts/2025/03/19/cisa-adds-three-known-exploited-vulnerabilities-catalog
- PoC Repository: github[dot]com/watchtowrlabs/nakivo-arbitrary-file-read-poc-CVE-2024-48248/