### [CVE-2024-48248](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48248)
![](https://img.shields.io/static/v1?label=Product&message=Backup%20%26%20Replication%20Director&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-36%20Absolute%20Path%20Traversal&color=brightgreen)

### Description

NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router (this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials).

### POC

#### Reference
- https://github.com/watchtowrlabs/nakivo-arbitrary-file-read-poc-CVE-2024-48248/?ref=labs.watchtowr.com
- https://labs.watchtowr.com/the-best-security-is-when-we-all-agree-to-keep-everything-secret-except-the-secrets-nakivo-backup-replication-cve-2024-48248/

#### Github
- https://github.com/20142995/nuclei-templates
- https://github.com/Ostorlab/KEV
- https://github.com/Threekiii/CVE
- https://github.com/packetinside/CISA_BOT
- https://github.com/ums91/CISA_BOT
- https://github.com/watchtowrlabs/nakivo-arbitrary-file-read-poc-CVE-2024-48248