Known Exploited Vulnerabilities CVE-2024-48248

NAKIVO Backup and Replication contains an absolute path traversal vulnerability that enables an attacker to read arbitrary files.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2024-48248 | NAKIVO Backup and Replication Absolute Path Traversal Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application | |
| CVE-2024-48248 | NAKIVO Backup and Replication Absolute Path Traversal Vulnerability | primary_impact | T1005 | Data from Local System | |
| CVE-2024-48248 | NAKIVO Backup and Replication Absolute Path Traversal Vulnerability | secondary_impact | T1003 | OS Credential Dumping | |

Comments (the same text appears under each of the three mappings):
An unauthenticated attacker can send a request to the NAKIVO Backup & Replication endpoint that contains a path to a sensitive file, leading to arbitrary file read.