The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added a newly discovered security flaw affecting NAKIVO Backup & Replication software to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, designated as CVE-2024-48248, has been actively exploited in the wild, posing a significant security risk to affected systems.
Overview of CVE-2024-48248
CVE-2024-48248 is an absolute path traversal vulnerability in NAKIVO Backup & Replication software that allows unauthorized attackers to access and read sensitive files stored on compromised systems. The flaw has been assigned a CVSS severity score of 8.6, categorizing it as a high-severity vulnerability.
Affected Versions
All versions of NAKIVO Backup & Replication prior to 10.11.3.86570 are affected by this flaw. The vulnerability was patched in version 11.0.0.88174, released in November 2024.
How CVE-2024-48248 is Exploited
Threat actors exploiting this vulnerability can access critical system files, including /etc/shadow, through the /c/router endpoint. The flaw allows unauthorized access to configuration files, backups, and stored credentials.
Potential Impact of CVE-2024-48248
Cybersecurity firm watchTowr Labs has confirmed that a proof-of-concept (PoC) exploit was publicly released at the end of last month, significantly increasing the risk of widespread exploitation. Attackers can leverage this vulnerability to:
- Extract credentials from the product01.h2.db database file, potentially compromising entire backup environments.
- Access backup configurations and system files, leading to privilege escalation and further exploitation.
- Use the compromised server as a stepping stone for deeper infiltration into the affected network, enabling adversaries to take full control over affected systems.
Given the potential consequences of a successful attack, security experts strongly advise organizations using NAKIVO Backup & Replication to take immediate remedial actions.
Other Vulnerabilities Added to the KEV Catalog
Alongside CVE-2024-48248, CISA has also added two other vulnerabilities to its KEV catalog:
- CVE-2025-1316 (CVSS 9.3) – A critical OS command injection flaw in Edimax IC-7100 IP cameras that allows remote attackers to execute arbitrary commands. This vulnerability remains unpatched as the device has reached end-of-life.
- CVE-2017-12637 (CVSS 7.5) – A directory traversal vulnerability in SAP NetWeaver Application Server (AS) Java, which attackers can exploit to read arbitrary files.
Cybersecurity firm Akamai has observed that CVE-2025-1316 has been exploited since May 2024, with attackers leveraging default credentials to integrate compromised Edimax cameras into Mirai botnet variants.
CISA’s Response and Security Mandates
In response to these threats, CISA has issued a directive requiring all Federal Civilian Executive Branch (FCEB) agencies to implement the necessary security patches by April 9, 2025. Organizations that fail to apply the patches remain at heightened risk of exploitation.
Preventive Measures Against CVE-2024-48248
To mitigate the risks associated with CVE-2024-48248, security experts recommend the following best practices:
- Immediate Software Update:
  - Upgrade to NAKIVO Backup & Replication v11.0.0.88174 or later, as this version contains a security patch addressing the flaw.
  - Regularly check for and apply security updates to keep software secure from emerging vulnerabilities.
- Restrict Access to Backup Systems:
  - Limit network exposure of backup servers by placing them behind firewalls.
  - Use Virtual Private Network (VPN) or Zero Trust Network Access (ZTNA) solutions for remote access.
- Monitor for Suspicious Activities:
  - Review system logs for unauthorized access attempts.
  - Deploy Intrusion Detection Systems (IDS) to detect and block malicious exploitation attempts.
- Secure Credential Storage:
  - Store backup credentials in a separate, secure location.
  - Implement multi-factor authentication (MFA) to reduce the risk of credential theft.
- Apply Principle of Least Privilege (PoLP):
  - Restrict user permissions to minimize access to critical backup files and configurations.
  - Regularly audit user privileges and remove unnecessary administrative access.
Steps to Check for and Mitigate the Vulnerability
If your organization uses NAKIVO Backup & Replication software, follow these steps to determine if you are vulnerable and mitigate the risks:
- Check the Installed Version:
  - Open NAKIVO Backup & Replication.
  - Navigate to Help → About to verify the current version.
  - If the version is below 11.0.0.88174, the system is vulnerable.
- Upgrade to the Latest Version:
  - Download the latest patched version from the official NAKIVO website.
  - Follow the provided installation instructions to update your backup solution.
- Review System Logs:
  - Look for unauthorized access attempts, particularly through the /c/router endpoint.
  - Investigate anomalies, such as unexpected file access or database queries.
- Change Credentials and Security Keys:
  - If the system was exposed to potential exploitation, reset all credentials stored within the backup environment.
  - Change any compromised passwords and update encryption keys.
- Enhance Network Security:
  - Ensure that backup servers are behind a secure firewall.
  - Restrict external access and disable unnecessary services.
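The version check and log review steps above can be scripted. The following is an added example, not code from NAKIVO, CISA or the original article. It assumes a reverse proxy in front of the web interface that writes combined-format access logs; the trusted network and the sample log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

PATCHED = (11, 0, 0, 88174)  # patched build named in the article
ENDPOINT = "/c/router"       # endpoint named in the article
# Assumption: networks allowed to reach the web interface (edit for your site).
TRUSTED = [ipaddress.ip_network("10.20.0.0/24")]

# Combined log format: ip ident user [time] "METHOD path proto" status bytes ...
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_vulnerable(version):
    """True if a dotted build string (Help -> About) is below the patched build."""
    return tuple(int(part) for part in version.strip().split(".")) < PATCHED

def untrusted_router_hits(lines):
    """Group requests to ENDPOINT by source IP, skipping trusted networks."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        if m["path"].split("?", 1)[0].rstrip("/") != ENDPOINT:
            continue
        try:
            src = ipaddress.ip_address(m["ip"])
            trusted = any(src in net for net in TRUSTED)
        except ValueError:
            trusted = False  # unparsable source field: report it, do not hide it
        if not trusted:
            hits[m["ip"]].append((m["ts"], m["method"], int(m["status"])))
    return dict(hits)

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE = [
    '203.0.113.45 - - [20/Mar/2025:02:14:07 +0000] "POST /c/router HTTP/1.1" 200 512 "-" "curl/8.5.0"',
    '10.20.0.15 - - [20/Mar/2025:08:01:33 +0000] "POST /c/router HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.45 - - [20/Mar/2025:02:14:09 +0000] "POST /c/router HTTP/1.1" 200 7340 "-" "curl/8.5.0"',
    '198.51.100.7 - - [20/Mar/2025:03:40:00 +0000] "GET / HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, events in untrusted_router_hits(SAMPLE).items():
        print(ip, len(events), "requests, first at", events[0][0])
```

Access logs do not record request bodies, so each reported source is a lead to investigate alongside the application's own logs, not proof that files were read.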
Final Thoughts
CVE-2024-48248 represents a significant security risk, especially given its active exploitation in the wild. Organizations using NAKIVO Backup & Replication should immediately update their software and implement robust security measures to protect their infrastructure.
By staying vigilant, applying patches promptly, and following best security practices, businesses can mitigate the risks associated with this vulnerability and safeguard their data against cyber threats.
For further updates and security advisories, organizations should regularly monitor CISA’s KEV catalog and their cybersecurity infrastructure.