I. Basic Information for CVE-2024-48248
Vulnerability Information

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router (this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials).
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
Absolute Path Traversal
Source: NVD (National Vulnerability Database)
Vulnerability Title
Nakivo Backup & Replication Security Vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
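Nakivo Backup & Replication is a reliable, fast and affordable virtual machine backup solution from Nakivo, a US company. NAKIVO Backup & Replication provides reliable, fast and affordable virtual machine data protection for VMware environments. Designed for virtualization, the product features an intuitive Web 2.0 user interface, protects applications and databases running in live virtual machines, can run backup and replication jobs as often as every minute, reduces backup size with deduplication and compression, speeds up data transfer with network acceleration, enables full-VM and granular recovery, and provides reporting, encryption and cloud integration features. NAKIVO Backup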
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
Vendor | Product | Affected Versions | CPE
NAKIVO | Backup & Replication Director | 0 ~ 11.0.0.88174 | -
II. Public POCs for CVE-2024-48248
# | POC Description | Source Link
1 | None | https://github.com/watchtowrlabs/nakivo-arbitrary-file-read-poc-CVE-2024-48248
2 | NAKIVO Backup & Replication is a data protection solution used for backing up and restoring virtualized and physical environments. A vulnerability has been identified in certain versions of NAKIVO Backup & Replication that allows an unauthenticated attacker to read arbitrary files on the underlying system. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-48248.yaml