PT-2020-14669 · Nakivo · Nakivo Backup & Replication Transporter

Published

2020-09-24

Updated

2022-04-05

CVE-2020-15851

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Nakivo Backup & Replication Transporter version 9.4.0.r43656

Description The issue is related to a lack of access control, allowing remote users to access unencrypted backup repositories and the Nakivo Controller configuration via a network-accessible transporter service. It also enables the creation or deletion of backup repositories.

Recommendations For Nakivo Backup & Replication Transporter version 9.4.0.r43656, consider restricting access to the transporter service to minimize the risk of unauthorized access to backup repositories and the Nakivo Controller configuration. As a temporary workaround, limit the ability to create or delete backup repositories until a fix is available.

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2020-15851

Affected Products

Nakivo Backup & Replication Transporter

PT-2020-14669 · Nakivo · Nakivo Backup & Replication Transporter

CVE-2020-15851

Weakness Enumeration

Related Identifiers

Affected Products

References · 4