Vulnerabilites related to nakivo - backup_\&_replication_director
Vulnerability from fkie_nvd
Published
2025-03-04 08:15
Modified
2025-03-25 18:48
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Summary
NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router (this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nakivo | backup_\&_replication_director | * |
{ cisaActionDue: "2025-04-09", cisaExploitAdd: "2025-03-19", cisaRequiredAction: "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", cisaVulnerabilityName: "NAKIVO Backup and Replication Absolute Path Traversal Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nakivo:backup_\\&_replication_director:*:*:*:*:*:*:*:*", matchCriteriaId: "25166311-9271-42C2-ADFB-0210B9487BEB", versionEndExcluding: "11.0.0.88174", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router (this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials).", }, { lang: "es", value: "NAKIVO Backup & Replication anterior a 11.0.0.88174 permite el path traversal absoluto para leer archivos a través de getImageByPath a /c/router (esto puede provocar la ejecución remota de código en toda la empresa porque PhysicalDiscovery tiene credenciales de texto sin formato).", }, ], id: "CVE-2024-48248", lastModified: "2025-03-25T18:48:31.753", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-03-04T08:15:33.550", references: [ { source: "cve@mitre.org", tags: [ "Product", ], url: "https://helpcenter.nakivo.com/Release-Notes/Content/Release-Notes.htm", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://labs.watchtowr.com/the-best-security-is-when-we-all-agree-to-keep-everything-secret-except-the-secrets-nakivo-backup-replication-cve-2024-48248/", }, { source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/watchtowrlabs/nakivo-arbitrary-file-read-poc-CVE-2024-48248/?ref=labs.watchtowr.com", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-36", }, ], source: "cve@mitre.org", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-24 21:15
Modified
2024-11-21 05:06
Severity ?
Summary
Insecure permissions in Nakivo Backup & Replication Director version 9.4.0.r43656 on Linux allow local users to access the Nakivo Director web interface and gain root privileges. This occurs because the database containing the users of the web application and the password-recovery secret value is readable.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://helpcenter.nakivo.com/display/RN/v10.3+Release+Notes | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://labs.f-secure.com/advisories/nakivo-backup-and-replication-multiple-vulnerabilities | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://helpcenter.nakivo.com/display/RN/v10.3+Release+Notes | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://labs.f-secure.com/advisories/nakivo-backup-and-replication-multiple-vulnerabilities | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nakivo | backup_\&_replication_director | 9.4.0.r43656 | |
| linux | linux_kernel | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nakivo:backup_\\&_replication_director:9.4.0.r43656:*:*:*:*:*:*:*", matchCriteriaId: "14FCC7C5-2E4D-4952-AF8A-86D8ABA72C72", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Insecure permissions in Nakivo Backup & Replication Director version 9.4.0.r43656 on Linux allow local users to access the Nakivo Director web interface and gain root privileges. This occurs because the database containing the users of the web application and the password-recovery secret value is readable.", }, { lang: "es", value: "Unos permisos no seguros en Nakivo Backup & Replication Director versión 9.4.0.r43656 en Linux, permiten a usuarios locales acceder a la interfaz web de Nakivo Director y alcanzar privilegios root. Esto ocurre porque la base de datos que contiene los usuarios de la aplicación web y el valor secreto de recuperación de contraseña es legible.", }, ], id: "CVE-2020-15850", lastModified: "2024-11-21T05:06:18.570", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-09-24T21:15:15.513", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://helpcenter.nakivo.com/display/RN/v10.3+Release+Notes", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://labs.f-secure.com/advisories/nakivo-backup-and-replication-multiple-vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://helpcenter.nakivo.com/display/RN/v10.3+Release+Notes", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://labs.f-secure.com/advisories/nakivo-backup-and-replication-multiple-vulnerabilities", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-276", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2024-48248
Vulnerability from cvelistv5
Published
2025-03-04 00:00
Modified
2025-03-19 22:20
Severity ?
EPSS score ?
Summary
NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router (this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAKIVO | Backup & Replication Director |
Version: 0 < 11.0.0.88174 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-48248", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-04T15:30:51.644213Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2025-03-19", reference: "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json", }, type: "kev", }, }, ], providerMetadata: { dateUpdated: "2025-03-19T22:20:23.092Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, references: [ { tags: [ "exploit", ], url: "https://github.com/watchtowrlabs/nakivo-arbitrary-file-read-poc-CVE-2024-48248/?ref=labs.watchtowr.com", }, ], timeline: [ { lang: "en", time: "2025-03-19T00:00:00+00:00", value: "CVE-2024-48248 added to CISA KEV", }, ], title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Backup & Replication Director", vendor: "NAKIVO", versions: [ { lessThan: "11.0.0.88174", status: "affected", version: "0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nakivo:backup_\\&_replication_director:*:*:*:*:*:*:*:*", versionEndExcluding: "11.0.0.88174", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], descriptions: [ { lang: "en", value: "NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router (this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials).", }, ], metrics: [ { cvssV3_1: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-36", description: "CWE-36 Absolute Path Traversal", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-04T08:11:29.097Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://labs.watchtowr.com/the-best-security-is-when-we-all-agree-to-keep-everything-secret-except-the-secrets-nakivo-backup-replication-cve-2024-48248/", }, { url: "https://helpcenter.nakivo.com/Release-Notes/Content/Release-Notes.htm", }, ], x_generator: { engine: "enrichogram 0.0.1", }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-48248", datePublished: "2025-03-04T00:00:00.000Z", dateReserved: "2024-10-08T00:00:00.000Z", dateUpdated: "2025-03-19T22:20:23.092Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-15850
Vulnerability from cvelistv5
Published
2020-09-24 20:23
Modified
2024-08-04 13:30
Severity ?
EPSS score ?
Summary
Insecure permissions in Nakivo Backup & Replication Director version 9.4.0.r43656 on Linux allow local users to access the Nakivo Director web interface and gain root privileges. This occurs because the database containing the users of the web application and the password-recovery secret value is readable.
References
| ▼ | URL | Tags |
|---|---|---|
| https://labs.f-secure.com/advisories/nakivo-backup-and-replication-multiple-vulnerabilities | x_refsource_MISC | |
| https://helpcenter.nakivo.com/display/RN/v10.3+Release+Notes | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:30:22.648Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://labs.f-secure.com/advisories/nakivo-backup-and-replication-multiple-vulnerabilities", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://helpcenter.nakivo.com/display/RN/v10.3+Release+Notes", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2020-09-21T00:00:00", descriptions: [ { lang: "en", value: "Insecure permissions in Nakivo Backup & Replication Director version 9.4.0.r43656 on Linux allow local users to access the Nakivo Director web interface and gain root privileges. This occurs because the database containing the users of the web application and the password-recovery secret value is readable.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-29T15:13:45", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://labs.f-secure.com/advisories/nakivo-backup-and-replication-multiple-vulnerabilities", }, { tags: [ "x_refsource_MISC", ], url: "https://helpcenter.nakivo.com/display/RN/v10.3+Release+Notes", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-15850", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Insecure permissions in Nakivo Backup & Replication Director version 9.4.0.r43656 on Linux allow local users to access the Nakivo Director web interface and gain root privileges. This occurs because the database containing the users of the web application and the password-recovery secret value is readable.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://labs.f-secure.com/advisories/nakivo-backup-and-replication-multiple-vulnerabilities", refsource: "MISC", url: "https://labs.f-secure.com/advisories/nakivo-backup-and-replication-multiple-vulnerabilities", }, { name: "https://helpcenter.nakivo.com/display/RN/v10.3+Release+Notes", refsource: "MISC", url: "https://helpcenter.nakivo.com/display/RN/v10.3+Release+Notes", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-15850", datePublished: "2020-09-24T20:23:24", dateReserved: "2020-07-20T00:00:00", dateUpdated: "2024-08-04T13:30:22.648Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }