For customers running NAKIVO Backup & Replication software, we’ve received the following communication regarding a critical vulnerability in versions prior to 11.0.0.88174.
We are writing to inform you of a critical security vulnerability identified in NAKIVO Backup & Replication versions prior to 11.0.0.88174, designated as CVE-2024-48248. This vulnerability allows unauthenticated attackers to read arbitrary files on the affected system, potentially exposing sensitive information such as configuration files, backups, and credentials.
Affected Versions:
- NAKIVO Backup & Replication versions 10.11.3.86570 and earlier.
Recommended Actions:
- Immediate Upgrade: We strongly recommend upgrading to NAKIVO Backup & Replication version 11.0.0.88174 or later, where this vulnerability has been addressed.
- Review Access Logs: Examine your system’s access logs for any unusual or unauthorized activities to identify potential exploitation attempts.
- Enhance Network Security: Implement network segmentation and access controls to limit exposure of backup systems to untrusted networks.
If you require assistance with the update process, please don’t hesitate to get in touch with the Touchpoint team on (02) 8424 3500.