The Cybersecurity and Infrastructure Security Agency (CISA) has added three critical vulnerabilities affecting Nakivo Backup & Replication, SAP NetWeaver, and Edimax IP cameras to its Known Exploited Vulnerabilities (KEV) catalog, citing active exploitation.
1. Nakivo Backup & Replication Vulnerability (CVE-2024-48248)
Type: Absolute Path Traversal.
Description:
- This vulnerability allows an unauthenticated attacker to exploit an absolute path traversal flaw in Nakivo Backup & Replication software.
- Attackers can read arbitrary files on the target host, including sensitive files like /etc/shadow, by exploiting the /c/router endpoint.
- The flaw exposes configuration files, backups, and credentials, which could be leveraged for further attacks.
Affected Versions:
- All versions prior to 10.11.3.86570.
Impact:
- Unauthorized access to sensitive data, including stored credentials and configuration files.
- Potential for attackers to escalate privileges or compromise additional systems.
Mitigation:
- Update to version 11.0.0.88174 or later, which addresses this vulnerability.
- Restrict access to the Nakivo interface and monitor for unusual activity.
2. SAP NetWeaver Vulnerability (CVE-2017-12637)
Type: Directory Traversal.
Description:
- This vulnerability exists in the SAP NetWeaver Application Server (AS) Java, specifically in the scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS component.
- Attackers can exploit a directory traversal flaw by including .. (dot-dot) sequences in the query string, allowing them to read arbitrary files on the server.
Affected Versions:
- SAP NetWeaver AS Java versions prior to the patch released in 2017.
Impact:
- Unauthorized access to sensitive files and directories.
- Potential for attackers to gather information for further exploitation.
Mitigation:
- Apply the patch provided by SAP in 2017.
- Ensure all SAP systems are updated and properly configured to prevent exploitation.
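Both flaws above are path traversal bugs in a file-serving component: one accepts an absolute path where a relative one was expected, the other accepts ".." segments in a query string. The added example below (it is not Nakivo's or SAP's code, and `EXPORT_ROOT` is an assumed directory, not a path from either product) shows the containment check such a handler needs before it touches the filesystem. It rejects absolute paths, rejects ".." segments (plain, URL-encoded or double-encoded), and then verifies the resolved real path is still under the root, which also catches symlinks pointing outside it.

```python
import os
import posixpath
import re
from urllib.parse import unquote

# Hypothetical directory that a backup/export download handler is allowed to
# serve files from (assumption for this example, not a Nakivo or SAP path).
EXPORT_ROOT = "/srv/app/exports"

# Windows-style drive prefixes ("C:" or "C:/") are absolute too.
DRIVE_PREFIX_RE = re.compile(r"^[A-Za-z]:")


def resolve_within_root(root: str, requested: str) -> str:
    """Return the real filesystem path for `requested`, or raise ValueError.

    Rejects both traversal shapes from the advisories above:
      * absolute path traversal: the client names a full path such as
        /etc/shadow instead of a path relative to the export root;
      * dot-dot traversal: the client climbs out of the root with ".."
        segments, whether plain, URL-encoded (%2e%2e) or double-encoded.
    """
    # Decode twice so double-encoded sequences cannot bypass the checks.
    decoded = unquote(unquote(requested))
    # Some servers accept backslashes as separators; normalise before checking.
    decoded = decoded.replace("\\", "/")
    if "\x00" in decoded:
        raise ValueError("NUL byte in requested path")
    if posixpath.isabs(decoded) or DRIVE_PREFIX_RE.match(decoded):
        raise ValueError("absolute paths are not allowed")
    # Reject any ".." segment outright rather than trying to normalise it away.
    if ".." in decoded.split("/"):
        raise ValueError("parent-directory traversal is not allowed")
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, decoded))
    # Final containment check on the resolved path; this also catches a
    # symlink inside the root that points somewhere outside it.
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise ValueError("resolved path escapes the export root")
    return candidate


def is_safe_path(root: str, requested: str) -> bool:
    """Boolean wrapper so callers (and tests) can check without exceptions."""
    try:
        resolve_within_root(root, requested)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for req in ("reports/2025/q1.txt", "/etc/shadow", "../../etc/shadow",
                "%2e%2e/%2e%2e/etc/shadow", "%252e%252e/etc/shadow"):
        verdict = "allowed" if is_safe_path(EXPORT_ROOT, req) else "rejected"
        print(f"{req!r:32} -> {verdict}")
```

The order of checks matters: decoding happens first so the later tests see what the filesystem would see, and the `realpath` containment test is kept as a last line of defence even though the earlier checks already reject the obvious cases.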
3. Edimax IP Camera Vulnerability (CVE-2025-1316)
Type: OS Command Injection.
Description:
- This vulnerability exists in the Edimax IC-7100 IP camera due to improper input sanitization.
- Attackers can achieve remote code execution (RCE) by sending specially crafted requests to the device.
- The vulnerability has been actively exploited to deploy Mirai botnet variants, targeting devices with default credentials.
Affected Devices:
- Edimax IC-7100 IP cameras, which have reached end-of-life and are no longer supported by the manufacturer.
Impact:
- Full remote control of the device, enabling attackers to use it for botnet activities or surveillance.
- Potential for lateral movement within the network if the device is connected to critical systems.
Mitigation:
- Replace affected devices with newer, supported models.
- Disable internet access for vulnerable devices and change default credentials immediately.
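The Edimax flaw is an OS command injection caused by improper input sanitization: a request value ends up inside a command that a shell interprets. The added example below is not Edimax firmware code; it assumes a hypothetical device handler that runs a diagnostic ping against a user-supplied host, the kind of feature where `os.system("ping " + host)` would be the vulnerable pattern. The hardened version validates the value against a strict hostname allowlist and passes an argument vector to `subprocess` with no shell, so metacharacters are never interpreted, and the ban on a leading "-" also blocks option injection.

```python
import re
import subprocess
from typing import List

# Allowlist for the one thing this handler may pass to a system utility: a
# hostname or dotted IPv4 literal (RFC 1123 labels, 253 chars max). Anything
# else, including shell metacharacters and a leading "-", is rejected.
HOST_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(?:\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def is_valid_host(value: str) -> bool:
    """True only for values that match the allowlist exactly."""
    return bool(HOST_RE.match(value))


def build_ping_argv(host: str, count: int = 3) -> List[str]:
    """Build the argument vector for a diagnostic ping (hypothetical handler).

    Hardened pattern: validate the value against an allowlist, then hand an
    argv list to subprocess. There is no shell and no string concatenation,
    so a value such as "host; reboot" can never reach a command interpreter.
    """
    if not is_valid_host(host):
        raise ValueError(f"rejected host value: {host!r}")
    if not 1 <= count <= 10:
        raise ValueError("count out of range")
    return ["ping", "-c", str(count), host]


def run_ping(host: str) -> int:
    """Execute the validated command with shell=False and return its exit status."""
    result = subprocess.run(build_ping_argv(host), shell=False,
                            capture_output=True, timeout=30)
    return result.returncode


if __name__ == "__main__":
    for value in ("camera.example.com", "192.0.2.10", "192.0.2.10; reboot", "-c"):
        status = "accepted" if is_valid_host(value) else "rejected"
        print(f"{value!r:24} -> {status}")
```

Validation is deliberately an allowlist rather than a blocklist of characters: the handler knows exactly what a hostname looks like, and anything that does not match is refused before any process is started.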
CISA’s Recommendations
- Federal Civilian Executive Branch (FCEB) Agencies:
  - Must apply necessary mitigations by April 9, 2025, as mandated by Binding Operational Directive (BOD) 22-01.
- All Organizations:
  - Prioritize patching or replacing affected systems to mitigate the risks associated with these vulnerabilities.
These additions to the KEV catalog highlight the importance of addressing vulnerabilities in both enterprise software and IoT devices.
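The Nakivo and SAP mitigations above both include monitoring for exploitation attempts while patches are rolled out. The added example below is not CISA's, Nakivo's or SAP's tooling; it scans constructed web-server access-log lines (sample traffic, not real) and flags requests that carry the two traversal indicators described in this article, ".." segments and absolute paths in a parameter, plus any request to the two endpoints the article names. A hit on an endpoint alone is only a review signal, so each finding carries its reasons rather than a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import List
from urllib.parse import parse_qsl, unquote, urlsplit

# Endpoints named in the advisory above. A request to one of them is not by
# itself proof of exploitation, but on an unpatched host it deserves review.
WATCHED_ENDPOINTS = {
    "/c/router": "CVE-2024-48248 (Nakivo Backup & Replication)",
    "/scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS": "CVE-2017-12637 (SAP NetWeaver AS Java)",
}

# Constructed sample lines in common log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2025:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.7 - - [10/Mar/2025:10:02:11 +0000] "GET /scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS?query=..%2F..%2F..%2Fetc%2Fshadow HTTP/1.1" 200 1337
203.0.113.9 - - [10/Mar/2025:10:03:45 +0000] "POST /c/router HTTP/1.1" 200 2048
203.0.113.9 - - [10/Mar/2025:10:04:00 +0000] "GET /download?file=/etc/shadow HTTP/1.1" 403 0
203.0.113.2 - - [10/Mar/2025:10:05:30 +0000] "GET /static/app.js?v=1.2.3 HTTP/1.1" 200 9000
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


@dataclass
class Finding:
    ip: str
    timestamp: str
    target: str
    reasons: List[str] = field(default_factory=list)


def traversal_reasons(target: str) -> List[str]:
    """Explain why a request target looks like path traversal (empty = clean)."""
    reasons = []
    parts = urlsplit(target)
    # Decode twice so double-encoded sequences are seen the way a lenient
    # server would see them after its own decoding.
    path = unquote(unquote(parts.path)).replace("\\", "/")
    if path in WATCHED_ENDPOINTS:
        reasons.append(f"request to {path}: {WATCHED_ENDPOINTS[path]}")
    if ".." in path.split("/"):
        reasons.append("dot-dot traversal in request path")
    # parse_qsl decodes once; decode each value again for double encoding.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        value = unquote(value).replace("\\", "/")
        if ".." in value.split("/"):
            reasons.append(f"dot-dot traversal in parameter {name!r}")
        elif value.startswith("/"):
            reasons.append(f"absolute path in parameter {name!r}")
    return reasons


def scan_log(text: str) -> List[Finding]:
    """Parse access-log lines and return one Finding per suspicious request."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected format; skip rather than guess
        reasons = traversal_reasons(m["target"])
        if reasons:
            findings.append(Finding(m["ip"], m["ts"], m["target"], reasons))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.ip} {f.timestamp} {f.target}")
        for r in f.reasons:
            print(f"    - {r}")
```

Access logs show only the request line, so this catches GET-style query abuse and endpoint hits; parameters sent in a POST body need the application's own logging or a reverse proxy that records bodies.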