Summary: CISA has issued a warning for U.S. federal agencies to secure their networks against a critical vulnerability (CVE-2024-48248) in NAKIVO's Backup & Replication software, which can be exploited by unauthenticated attackers. The vulnerability allows attackers to access sensitive files, posing a significant risk of data breaches. Despite a patch release, organizations are urged to monitor for unauthorized access attempts and secure their systems promptly.
Affected: NAKIVO Backup & Replication software
Keypoints:
- The vulnerability tracked as CVE-2024-48248 enables absolute path traversal and file reading by unauthorized users.
- NAKIVO released a silent patch two months after being notified, but organizations are advised to check system logs for suspicious activities.
- CISA has added this vulnerability to its Known Exploited Vulnerabilities catalog, emphasizing the need for urgent action from federal agencies.