StorageGuard - by Continuity™ - is the ONLY Security Posture Management solution for Storage & Backups, helping to ensure these systems are securely configured, and compliant with industry & security standards.
On July 29, a critical vulnerability in Acronis Cyber Infrastructure (ACI), tracked as CVE-2023-45249, was highlighted by CISA as being actively exploited by malicious actors.
This vulnerability allows threat actors to execute arbitrary code remotely due to the use of default passwords. Because ACI is a secure storage solution, this exploited vulnerability has a double effect – it can put massive amounts of production data at risk and jeopardize backup data – which will hinder cyber recovery.
Despite a patch being available for several months, many organizations are unaware and have not yet applied it, leading to ongoing exploitation in the wild.
The exploitation of ACI is far from an isolated incident. In recent months, multiple vulnerabilities in storage and backup solutions have been discovered and actively exploited. Examples include:
Veeam Backup & Replication:
CVE-2024-40711: Critical Veeam Vulnerability Exploited in Frag Ransomware Attacks.
CVE-2022-26500 and CVE-2022-26501: These vulnerabilities allow remote, unauthenticated attackers to execute arbitrary code. They were actively exploited by ransomware groups like Monti and Yanluowang shortly after discovery, emphasizing the importance of timely patching.
CVE-2023-27532: This high-severity vulnerability allows attackers to bypass authentication and access sensitive data. It has been exploited by ransomware operations such as EstateRansomware, showcasing the persistent threat to enterprise environments.
MinIO:
CVE-2023-28432: This vulnerability in MinIO’s Multi-Cloud Object Storage framework allows attackers to return all environment variables, including sensitive information like MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD.
CVE-2023-28434: An attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing PostPolicyBucket.
Attackers were caught exploiting the above MinIO vulnerabilities, as reported by CISA.
Veritas Backup Exec:
CVE-2021-27876: This vulnerability allows unauthorized file access through the Backup Exec Agent.
CVE-2021-27877: This involves improper authentication, potentially allowing attackers to access sensitive information.
CVE-2021-27878: This vulnerability permits command execution, allowing attackers to run arbitrary commands on affected systems.
These vulnerabilities have been actively exploited, highlighting the risks associated with unpatched backup solutions.
Oracle ZFS Storage Appliance:
CVE-2020-14871: An easily exploitable, actively exploited vulnerability that allows an unauthenticated attacker to compromise the system, with high impact on confidentiality, integrity, and availability.
Arcserve UDP:
CVE-2024-0799, CVE-2024-0800, CVE-2024-0801: NHS Digital hints at exploit sightings of Arcserve UDP vulnerabilities.
Exploitable vulnerabilities exist in Storage and Backup systems. More researchers are now publishing Proof-of-Concept (PoC) exploits for these Storage and Backup vulnerabilities, emphasizing the ease of exploitation and the severity of impact, and raising the concern that these will soon be exploited by malicious actors.
It’s only a matter of time until even more vulnerabilities are actively exploited by bad actors, putting petabytes of production data at risk, as well as backup copies. To name a few examples:
As Storage and Backup vendors improve their vulnerability detection and disclosure processes, we observe an increase in the overall number of high and critical security advisories being published for Storage systems, Backup appliances and software year by year. For example –
These are just a few samples out of hundreds of advisories and thousands of vulnerabilities identified this year alone (to date). This trend requires organizations to develop a more comprehensive, automated process for obtaining current vulnerability information in a timely fashion, detecting vulnerabilities in Storage and Backup platforms at scale and on demand, and mitigating those found.
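A minimal sketch of the first step of such a process, added here as an example and not taken from Continuity or StorageGuard: join a storage and backup inventory against records shaped like the CISA Known Exploited Vulnerabilities (KEV) feed and list what is still open, ransomware-linked entries first. The KEV field names are the catalog's own; the excerpt, the inventory format and its `remediated` field are constructed for illustration.

```python
# Constructed excerpt using the CISA KEV catalog's field names; the entries
# are limited to CVEs this article names, and the ransomware flag follows
# the article's statements rather than the live catalog.
KEV_EXCERPT = [
    {"cveID": "CVE-2023-45249", "vendorProject": "Acronis",
     "product": "Cyber Infrastructure", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2024-40711", "vendorProject": "Veeam",
     "product": "Backup & Replication", "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-2023-27532", "vendorProject": "Veeam",
     "product": "Backup & Replication", "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-2023-28432", "vendorProject": "MinIO",
     "product": "MinIO", "knownRansomwareCampaignUse": "Unknown"},
]

# Hypothetical inventory: "remediated" lists CVEs already confirmed fixed
# on that asset (for example from the vendor advisory for its build).
INVENTORY = [
    {"host": "bkp-01", "vendor": "veeam", "product": "Backup & Replication",
     "remediated": {"CVE-2023-27532"}},
    {"host": "obj-01", "vendor": "MinIO", "product": "minio", "remediated": set()},
    {"host": "udp-01", "vendor": "Arcserve", "product": "UDP", "remediated": set()},
]


def _key(vendor, product):
    """Normalise case and whitespace so 'veeam' matches 'Veeam'."""
    return (" ".join(vendor.lower().split()), " ".join(product.lower().split()))


def open_kev_findings(inventory, kev):
    """Return {host: [(cveID, ransomware_flag), ...]} for unremediated KEV CVEs."""
    by_product = {}
    for entry in kev:
        k = _key(entry["vendorProject"], entry["product"])
        by_product.setdefault(k, []).append(entry)
    findings = {}
    for asset in inventory:
        hits = [(e["cveID"], e["knownRansomwareCampaignUse"])
                for e in by_product.get(_key(asset["vendor"], asset["product"]), [])
                if e["cveID"] not in asset["remediated"]]
        # Ransomware-linked entries first, then by CVE id for stable output.
        hits.sort(key=lambda h: (h[1] != "Known", h[0]))
        findings[asset["host"]] = hits
    return findings


if __name__ == "__main__":
    for host, hits in open_kev_findings(INVENTORY, KEV_EXCERPT).items():
        print(host, hits or "no match in excerpt (not proof of safety)")
```

An empty result for a host only means the excerpt has no entry for that product; it does not show the system is free of exploitable vulnerabilities.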
The increasing number of exploited vulnerabilities in storage and backup solutions underscores the critical need for accurate and comprehensive vulnerability scanning for Storage and Backup platforms.
Unfortunately, traditional vulnerability assessment tools have a difficult time scanning Storage and Backup systems, which are often deployed as hardware arrays or appliances with a specialized, non-standard OS.
StorageGuard offers a robust solution for comprehensive vulnerability scanning and configuration compliance in storage and backup environments.
By continuously monitoring for vulnerabilities and providing actionable insights, StorageGuard helps organizations stay ahead of potential threats. Key features include:
The growing number of exploited vulnerabilities in storage and backup solutions highlights the importance of proactive security measures. Organizations must prioritize vulnerability scanning and timely patching to protect their environments from exploitation.
Solutions like StorageGuard provide the necessary tools to ensure comprehensive vulnerability management, helping organizations stay secure in an increasingly threat-laden landscape.