CVE-2024-48248: CWE-36 Absolute Path Traversal in NAKIVO Backup & Replication Director
NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router (this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials).
AI Analysis
Technical Summary
CVE-2024-48248 is an absolute path traversal vulnerability (CWE-36) in NAKIVO Backup & Replication Director versions before 11.0.0.88174. The flaw is in the getImageByPath functionality, reached through /c/router, which does not properly validate user-supplied paths: an attacker can supply an absolute path and read arbitrary files on the underlying filesystem. This vulnerability is critical because the PhysicalDiscovery component stores credentials in cleartext, which can be exposed through this flaw. An attacker can exploit it remotely over the network, without authentication or user interaction, to access sensitive files. The exposure of cleartext credentials may lead to further compromise, including remote code execution within the enterprise environment, which takes the threat beyond information disclosure.

The CVSS v3.1 score of 8.6 indicates a high-severity issue: network attack vector, low attack complexity, no privileges required, no user interaction, and high confidentiality impact. Although no public exploits are currently known, the potential impact warrants immediate attention. The vulnerability affects all versions prior to 11.0.0.88174, and no official patches or mitigations have been linked yet, emphasizing the need for proactive defensive measures.
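A generic illustration of the CWE-36 pattern described above, as an added example: it is not NAKIVO's code, which this page does not show. The function names and paths are hypothetical; the point is that joining a base directory with an absolute user path discards the base, and that the fix is to reject absolute input and then check containment after canonicalisation.

```python
import ntpath
import os
import posixpath


def resolve_vulnerable(base_dir, user_path):
    # CWE-36: join() silently drops base_dir when user_path is absolute,
    # so the caller ends up opening whatever path the client named.
    return os.path.join(base_dir, user_path)


def resolve_hardened(base_dir, user_path):
    # Reject absolute input in POSIX, Windows drive-letter and UNC notation.
    if (posixpath.isabs(user_path) or ntpath.isabs(user_path)
            or user_path.startswith(("/", "\\"))):
        raise ValueError("absolute path rejected")
    base = os.path.realpath(base_dir)
    # Canonicalise (resolves ../ and symlinks), then require containment.
    candidate = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes base directory")
    return candidate


def is_rejected(base_dir, user_path):
    """Return True when the hardened resolver refuses the path."""
    try:
        resolve_hardened(base_dir, user_path)
        return False
    except ValueError:
        return True
```
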
Potential Impact
The vulnerability allows unauthenticated remote attackers to read arbitrary files on systems running vulnerable versions of NAKIVO Backup & Replication Director. This can lead to disclosure of sensitive information, including cleartext credentials used by the PhysicalDiscovery component. Such credential exposure can facilitate lateral movement, privilege escalation, and potentially remote code execution within enterprise networks. The compromise of backup infrastructure is particularly severe as it may allow attackers to manipulate or destroy backup data, undermining disaster recovery capabilities. Enterprises relying on NAKIVO for backup and replication are at risk of data breaches, operational disruption, and loss of trust. The high CVSS score reflects the ease of exploitation and the critical confidentiality impact, making this a significant threat to organizations worldwide that use this product.
Mitigation Recommendations
1. Immediately upgrade NAKIVO Backup & Replication Director to version 11.0.0.88174 or later once the patch is available.
2. Until patching is possible, restrict network access to the Backup & Replication Director interface, limiting it to trusted management networks only.
3. Implement strict firewall rules and network segmentation to isolate backup infrastructure from general enterprise networks and the internet.
4. Monitor logs and network traffic for suspicious access patterns to the getImageByPath endpoint or unusual file read requests.
5. Rotate any credentials stored or used by the PhysicalDiscovery component to mitigate risks from potential credential exposure.
6. Employ application-layer firewalls or web application firewalls (WAFs) with custom rules to detect and block path traversal attempts targeting the vulnerable endpoint.
7. Conduct regular security audits and vulnerability scans on backup infrastructure to detect similar issues proactively.
8. Educate IT and security teams about the risks of path traversal vulnerabilities and the importance of securing backup systems.
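One way to implement the log monitoring in step 4, combined with the trusted-network restriction in step 2, as an added example that is not vendor tooling. It assumes a reverse proxy or WAF that logs one JSON object per request including the request body; the field names (`ts`, `src`, `uri`, `body`), the body layout and all sample values are constructed placeholders, since the page does not give the request schema.

```python
import ipaddress
import json
import re

# Absolute path: POSIX root, Windows drive letter, or UNC prefix.
ABS_PATH = re.compile(r'^(?:/|[A-Za-z]:[\\/]|\\\\)')

def iter_strings(node):
    """Yield every string (keys and values) inside a decoded JSON value."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for key, value in node.items():
            yield key
            yield from iter_strings(value)
    elif isinstance(node, list):
        for value in node:
            yield from iter_strings(value)

def find_suspicious(log_lines, trusted_nets):
    """Flag getImageByPath calls to /c/router that carry an absolute path
    or originate outside the trusted management networks."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    findings = []
    for line in log_lines:
        entry = json.loads(line)
        if entry["uri"].split("?")[0] != "/c/router":
            continue
        body = entry.get("body", "")
        try:
            strings = list(iter_strings(json.loads(body)))
        except ValueError:  # body is not JSON: search it as raw text
            strings = [body]
        if not any("getImageByPath" in s for s in strings):
            continue
        abs_paths = [s for s in strings if ABS_PATH.match(s)]
        src = ipaddress.ip_address(entry["src"])
        untrusted = not any(src in net for net in nets)
        if abs_paths or untrusted:
            findings.append({"ts": entry["ts"], "src": entry["src"],
                             "absolute_paths": abs_paths, "untrusted_source": untrusted})
    return findings

def make_line(ts, src, uri, body):  # builds one constructed log line
    return json.dumps({"ts": ts, "src": src, "uri": uri, "body": json.dumps(body)})

# Constructed sample log; addresses, paths and body layout are placeholders.
SAMPLE_LOG = [
    make_line("t1", "10.20.0.5", "/c/router", {"method": "getImageByPath", "data": ["img/logo.png"]}),
    make_line("t2", "203.0.113.7", "/c/router", {"method": "getImageByPath", "data": ["/placeholder/abs/file.txt"]}),
    make_line("t3", "10.20.0.9", "/c/router", {"method": "getImageByPath", "data": ["C:\\placeholder\\file.txt"]}),
    make_line("t4", "203.0.113.7", "/c/router", {"method": "otherCall", "data": []}),
]
```

Because the detector walks every string in the body, it does not depend on where the path sits in the request; it does depend on request bodies being logged, which default access-log formats usually omit.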
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, France, Japan, Netherlands, India, Brazil
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-10-08T00:00:00.000Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 6835fd37182aa0cae21d8deb
Added to database: 5/27/2025, 5:58:15 PM
Last enriched: 2/28/2026, 7:45:20 AM
Last updated: 3/26/2026, 8:10:49 AM