CVE-2026-0805

Backup · Backup Multiple Products

Executive summary

A high-severity vulnerability has been identified in the Backup Configuration component of multiple Backup products. A remote attacker who has valid user credentials can exploit this flaw to tamper with system files or execute arbitrary code, potentially leading to a full system compromise and significant data integrity issues.

Vulnerability

This is an input neutralization vulnerability, specifically a path traversal flaw, within the Backup Configuration component. An authenticated attacker can submit specially crafted input, such as a filename containing directory traversal sequences (e.g., ../../), to the backup configuration function. The application fails to properly sanitize this input, allowing the attacker to navigate outside of the intended directory and access, modify, or create files in arbitrary locations on the server's file system. This capability can be leveraged to overwrite critical system files for file tampering or to upload and execute a malicious script, resulting in remote code execution (RCE).

Business impact

This vulnerability is rated as high severity with a CVSS score of 8.2. Successful exploitation could have a significant negative impact on the business. An attacker achieving remote code execution could gain full control of the affected system, leading to a complete loss of confidentiality, integrity, and availability. Potential consequences include the exfiltration of sensitive company or customer data, deployment of ransomware, disruption of critical business operations that rely on the compromised system, and the ability for an attacker to pivot to other systems within the network. The cost of incident response, system restoration, and potential reputational damage is substantial.

Remediation

Immediate Action: Apply the security patches provided by the vendor to all affected systems immediately, prioritizing those that are internet-facing. After patching, review system and application access logs for any signs of compromise or exploitation attempts that may have occurred prior to the patch being applied.

Proactive Monitoring: Security teams should actively monitor for signs of exploitation. This includes reviewing web server and application logs for requests to the Backup Configuration component that contain path traversal patterns (e.g., ../, ..%2f). Monitor for unexpected file modifications or creations in sensitive system directories (e.g., /etc, C:\Windows\System32) and for any unusual processes being spawned by the Backup application's service account. File Integrity Monitoring (FIM) and Endpoint Detection and Response (EDR) solutions can help automate the detection of such activity.
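One way to run the log review described above, as an added example that is not part of the original advisory or any vendor tooling: it scans Combined Log Format lines for requests to the component whose decoded target contains a `..` segment, including encoded and double-encoded forms. The `/backup/config` prefix and the sample log lines are constructed placeholders, since the advisory does not give the real endpoint.

```python
import re
from urllib.parse import unquote

# Assumption: placeholder URL prefix for the Backup Configuration component.
# The advisory does not give the real path; substitute your product's own.
COMPONENT_PREFIX = "/backup/config"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (..%252f) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(target):
    """True if any path or query segment equals '..' after decoding."""
    decoded = fully_decode(target).replace("\\", "/")
    return ".." in re.split(r"[/?&=;]", decoded)

def find_suspicious(lines):
    """Return (line_number, raw_target) for component requests with traversal."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = match.group("target")
        if fully_decode(target).startswith(COMPONENT_PREFIX) and has_traversal(target):
            hits.append((number, target))
    return hits

# Constructed sample log lines (not taken from any real system).
SAMPLE_LOG = [
    '203.0.113.5 - alice [01/Jan/2026:10:00:00 +0000] "GET /backup/config?name=daily.cfg HTTP/1.1" 200 512',
    '203.0.113.9 - bob [01/Jan/2026:10:01:00 +0000] "POST /backup/config?name=../../tmp/x.cfg HTTP/1.1" 200 64',
    '203.0.113.9 - bob [01/Jan/2026:10:02:00 +0000] "POST /backup/config?name=..%2f..%2ftmp%2fx.cfg HTTP/1.1" 200 64',
    '203.0.113.9 - bob [01/Jan/2026:10:03:00 +0000] "POST /backup/config?name=..%252f..%255cx.cfg HTTP/1.1" 200 64',
    '203.0.113.5 - alice [01/Jan/2026:10:04:00 +0000] "GET /backup/config?name=report..old.cfg HTTP/1.1" 200 512',
    '203.0.113.7 - carol [01/Jan/2026:10:05:00 +0000] "GET /status?path=../x HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for number, target in find_suspicious(SAMPLE_LOG):
        print(f"line {number}: {target}")
```

Matching on whole `..` segments rather than the substring keeps a legitimate name such as `report..old.cfg` from being flagged; a hit is a lead for review, to be correlated with the file-modification and process monitoring mentioned above.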

Compensating Controls: If patching is not immediately possible, implement the following controls to reduce risk:

  • Access Control: Restrict network access to the affected Backup Configuration component to a limited set of trusted administrative IP addresses.
  • Web Application Firewall (WAF): Deploy a WAF with rules designed to detect and block common path traversal attack signatures in incoming web requests.
  • Principle of Least Privilege: Ensure the service account running the Backup application has the minimum file system permissions required for its operation and is prohibited from writing to sensitive system directories.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the high CVSS score of 8.2 and the critical impact of remote code execution, this vulnerability poses a significant risk to the organization. We strongly recommend that all affected Backup products be patched immediately, with the highest priority given to internet-accessible systems. Although this CVE is not currently on the CISA KEV list, its severity warrants treating it as a critical priority. If patching is delayed, the compensating controls outlined above must be implemented as an interim measure to mitigate the immediate threat.