=====================================================================
                            CERT-Renater

                 Information Note No. 2025/VULN166
_____________________________________________________________________

DATE                 : 24/03/2025

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running NAKIVO Backup & Replication
                       versions up to and including 10.11.3.86570.

=====================================================================
https://www.qnap.com/fr-fr/security-advisory/qsa-25-08
_____________________________________________________________________

Security ID       : QSA-25-08

Vulnerability in NAKIVO Backup & Replication

Release date      : March 22, 2025
CVE identifier    : CVE-2024-48248
Affected products : NAKIVO Backup & Replication 10.11.3.86570 and earlier
Severity          : Important
Status            : Fixing

Summary

A vulnerability has been discovered in NAKIVO Backup & Replication
10.11.3.86570 and earlier. This vulnerability allows attackers to read
arbitrary files on the affected system without authentication. If
exploited, the vulnerability could expose sensitive data, including
configuration files, backups, and credentials, potentially leading to
data breaches or further security compromises.

We have already removed the affected versions from App Center and
requested NAKIVO to provide a fixed version as soon as possible. We will
update this advisory when the fixed version is available.

Recommendation

We recommend that users install the latest update in App Center as soon
as it becomes available.

To benefit from vulnerability fixes, we recommend regularly updating
your system and all applications to the latest version. You can check
QNAP App Center to see the latest application updates available for your
operating system and NAS model.

Reference

Nakivo Security Advisory: CVE-2024-48248

Revision History:

V1.0 (March 22, 2025) - Published

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================