CVE-2024-48248
Published: 04 March 2025
Description
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Security Summary
CVE-2024-48248 is an absolute path traversal vulnerability (CWE-36) in NAKIVO Backup & Replication versions prior to 11.0.0.88174. The flaw resides in the /c/router endpoint, specifically the getImageByPath function, which allows attackers to read arbitrary files on the affected system. It carries a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N), reflecting high severity due to network accessibility, low attack complexity, and no privileges or user interaction required.
Unauthenticated remote attackers can exploit this vulnerability over the network to access sensitive files, achieving high confidentiality impact with a changed scope. The disclosure notes that this file read capability may enable remote code execution across the enterprise, as the PhysicalDiscovery component stores cleartext credentials.
NAKIVO's release notes document the fix in version 11.0.0.88174 and later. watchTowr Labs provides a detailed analysis and a proof-of-concept exploit on GitHub demonstrating arbitrary file read.
The vulnerability appears in CISA's Known Exploited Vulnerabilities Catalog, indicating real-world exploitation by adversaries.
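To act on the fixed version named above, the following added example (not code from NAKIVO or from the page) triages an inventory of NAKIVO Backup & Replication instances against build 11.0.0.88174. The inventory rows, host names and field names are constructed assumptions.

```python
# Added example: triage NAKIVO Backup & Replication instances against the
# first fixed build for CVE-2024-48248. Inventory rows are constructed samples.
import re

FIXED_BUILD = (11, 0, 0, 88174)  # fixed version stated in the summary above

def parse_version(text):
    """Return a 4-tuple of ints for 'A.B.C.BUILD', or None if unparseable."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)\.(\d+)\.(\d+)\s*", text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def classify(version_text):
    """'vulnerable' below the fixed build, 'fixed' at or above, else 'unknown'."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # needs manual verification; never assume it is safe
    # Tuple comparison is numeric per component, so 9.x sorts below 11.x
    # (a plain string comparison would get that wrong).
    return "vulnerable" if v < FIXED_BUILD else "fixed"

def triage(inventory):
    """Order hosts for remediation: vulnerable and internet-reachable first."""
    rank = {"vulnerable": 0, "unknown": 1, "fixed": 2}
    rows = [
        (h["host"], classify(h.get("version")), bool(h.get("internet_facing")))
        for h in inventory
    ]
    return sorted(rows, key=lambda r: (rank[r[1]], not r[2], r[0]))

# Constructed sample inventory (hypothetical hosts, versions and field names).
SAMPLE_INVENTORY = [
    {"host": "backup-01.example.internal", "version": "11.0.0.88174", "internet_facing": False},
    {"host": "backup-02.example.internal", "version": "10.11.0.80000", "internet_facing": True},
    {"host": "backup-03.example.internal", "version": "11.0.0.87000", "internet_facing": False},
    {"host": "backup-04.example.internal", "version": "10.9", "internet_facing": True},
    {"host": "backup-05.example.internal", "version": "v11.0.1.90000", "internet_facing": False},
]

if __name__ == "__main__":
    for host, status, exposed in triage(SAMPLE_INVENTORY):
        print(f"{status:<10} exposed={exposed!s:<5} {host}")
```

Hosts reported as vulnerable or unknown are the ones to upgrade or verify first; because the summary notes that cleartext credentials are stored by the PhysicalDiscovery component, credentials held by any instance that ran a vulnerable build are candidates for rotation.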
Details
- CWE(s)
- KEV Date Added: 19 March 2025
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unauthenticated path traversal enables arbitrary file read (T1190: Exploit Public-Facing Application), including cleartext credentials in PhysicalDiscovery files (T1552.001: Credentials In Files), facilitating credential access via exploitation (T1212: Exploitation for Credential Access).