US government warns agencies to make sure their backups are safe from NAKIVO security issue

US government warns agencies to make sure their backups are safe from NAKIVO security issue


  • NAKIVO patched a high-severity flaw in November 2024
  • However CISA has now added it to KEV, signalling abuse in the wild
  • The bug can lead to remote code execution

The US Cybersecurity and Infrastructure Security Agency (CISA) added a NAKIVO bug to its Known Exploited Vulnerabilities (KEV) catalog, signaling in-the-wild abuse and giving government agencies a deadline to apply the provided patch.

The bug in question is tracked as CVE-2024-48248. It is an absolute path traversal vulnerability affecting the Backup & Replication software, in versions before 11.0.0.88174.

link

Leave a Reply

Your email address will not be published. Required fields are marked *