- Nakivo patched a high-severity flaw in November 2024
- However, CISA has now added it to KEV, pointing to abuse in the wild
- The flaw can lead to remote code execution
The United States Cybersecurity and Infrastructure Security Agency (CISA) added a Nakivo flaw to its Known Exploited Vulnerabilities (KEV) catalog, pointing to abuse in the wild and giving government agencies a deadline to apply the provided patch.
The flaw in question is tracked as CVE-2024-48248. It is an absolute path traversal vulnerability that affects the Backup & Replication software in versions before 11.0.88174.
It has a severity score of 8.6/10 (high) and can lead to remote code execution across the vulnerable enterprise.
CISA deadline
The flaw was patched in November 2024, two months after watchTowr Labs reported it.
“Exploiting this vulnerability could expose confidential data, including configuration files, backups and credentials, which can lead to data violations or more security commitments,” Nakivo said in its security advisory.
While the security advisory does not discuss abuse in the wild, CISA removed any doubt when it added the flaw to the KEV catalog. Now, Federal Civilian Executive Branch (FCEB) agencies have three weeks (until April 9) to apply the patch or stop using the Nakivo product completely.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks for the federal company,” said CISA.
While FCEB agencies are bound by Binding Operational Directive (BOD) 22-01, commercial companies are not. It would still be prudent to follow CISA’s lead and apply the patch, especially knowing that cybercriminals are actively exploiting the flaw.
Nakivo is a company based in the United States, specializing in backup, ransomware protection and disaster recovery solutions for virtual, physical, cloud and SaaS environments.
Backup & Replication is its flagship product, which supports platforms such as VMware vSphere, Hyper-V, Nutanix AHV, Amazon AWS EC2, Microsoft Azure, Wasabi, Backblaze B2, Microsoft 365 and several NAS devices.
According to some reports, the company has 25,000 clients in 183 countries and a network of more than 7,500 members worldwide. Some of its customers include Honda, Cisco, Coca-Cola and Siemens. Its clientele covers multiple industries, including IT, hospitality, government and education.
Via BleepingComputer