RULE(RULE ID:338748)

Rule General Information
Release Date: 2025-03-19
Rule Name: NAKIVO Backup & Replication Arbitrary File Read Vulnerability (CVE-2024-48248)
Severity:
CVE ID:
Rule Protection Details
Description: NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router (this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials).
Impact: An attacker could exploit this vulnerability to have unspecified effect.
Affected OS: Windows, Linux, Others
Reference:
Solutions
Please contact the software vendor to update the software patch.