fbpx
Yaniv Valik

Exploitable Storage and Backup Vulnerabilities: A Growing Threat to Enterprise Security  

  • August 8, 2024
  • 6 min read

About Continuity™

StorageGuard - by Continuity™ - is the ONLY Security Posture Management solution for Storage & Backups, helping to ensure these systems are securely configured, and compliant with industry & security standards.

Read more

On July 29, a critical vulnerability in Acronis Cyber Infrastructure (ACI), tracked as CVE-2023-45249, was highlighted by CISA as being actively exploited by malicious actors.  

This vulnerability allows threat actors to execute arbitrary code remotely due to the use of default passwords. Considering ACI is a secure storage solution, this exploited vulnerability has a double effect – it can put mass amount of production data at risk as well as jeopardize backup data – which will hinder cyber recovery.  

Despite a patch being available for several months, many organizations are unaware and have not yet applied it, leading to ongoing exploitation in the wild. 

Not an Isolated Case: A Growing List of Exploited Vulnerabilities 

The exploitation of ACI is far from an isolated incident. In recent months, multiple vulnerabilities in storage and backup solutions have been discovered and actively exploited. Examples include: 

Veeam Backup & Replication
CVE-2024-40711: Critical Veeam Vulnerability Exploited in Frag Ransomware Attacks.
CVE-2022-26500 and CVE-2022-26501: These vulnerabilities allow remote, unauthenticated attackers to execute arbitrary code. They were actively exploited by ransomware groups like Monti and Yanluowang shortly after discovery, emphasizing the importance of timely patching​. 
CVE-2023-27532: This high-severity vulnerability allows attackers to bypass authentication and access sensitive data. It has been exploited by ransomware actors such as the ransomware operation known as EstateRansomware, showcasing the persistent threat to enterprise environments​​. 

MinIO
CVE-2023-28432: This vulnerability in MinIO’s Multi-Cloud Object Storage framework allows attackers to return all environment variables, including sensitive information like MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD. 
CVE-2023-28434: An attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing PostPolicyBucket. 
Attackers were caught exploiting the above MinIO vulnerabilities, as reported by CISA. 

Veritas Backup Exec
CVE-2021-27876: This vulnerability allows unauthorized file access through the Backup Exec Agent. 
CVE-2021-27877: This involves improper authentication, potentially allowing attackers to access sensitive information. 
CVE-2021-27878: This vulnerability permits command execution, allowing attackers to run arbitrary commands on affected systems.  
These vulnerabilities have been actively exploited, highlighting the risks associated with unpatched backup solutions​. 

Oracle ZFS Storage Appliance: 
CVE-2020-14871: Easy-to-use, actively exploited vulnerability that allows unauthenticated attacker to compromise the system, causing high impacts to confidentiality, integrity, and availability 

Arcserve UDP:
CVE-2024-0799, CVE-2024-0800, CVE-2024-0801: NHS Digital hints at exploit sightings of Arcserve UDP vulnerabilities

There Are More Out There 

Exploitable vulnerabilities exist in Storage and Backup systems. More researchers are now publishing Proof-of-Concept (POC) exploits for these Storage and Backup vulnerabilities, emphasizing the ease of exploitation and the severity of impact – and that concern that these will soon be exploited by malicious actors.  

It’s only a matter of time until even more vulnerabilities are actively exploited by bad actors, putting petabytes of production data at risk, as well as backup copies. To name a few examples: 

  • Fujitsu ETERNUS’s CVE-2022-31794 and CVE-2022-31795 can be used by attackers to destroy virtual backups. 
  • Arcserve Unified Data Protection’s CVE-2023-26258 poses an authentication bypass risk, with a POC exploit published.  
  • Similarly, Veeam’s recent critical CVE-2024-29849 authentication bypass vulnerability caused a stir, and a POC exploit has been made available.  
  • Hitachi NAS (HNAS) – POC exploit for the System Management Unit (SMU) Backup & Restore IDOR Vulnerability (CVE-2023-5808)
  • POC Exploit for Cisco UCS S-Series Storage Servers in standalone mode – CVE-2024-20295, CVE-2024-20356
  • Brocade SANnav – CVE-2024-2859 and CVE-2024-29960 through CVE-2024-29967

Increase in high-severity vulnerabilities

As Storage and Backup vendors improve their vulnerability detection and disclosure processes, we observe an increase in the overall number of high and critical security advisories being published for Storage systems, Backup appliances and software year by year. For example –

  • Earlier this year Pure Storage released a security advisory for a number of critical vulnerabilities for their FlashArray and FlashBlade products, some marked with the CVSS score of 10.0
  • Rubrik published a RBK-20240619-V0044 Security Advisory for their CDM product outlining a high-severity vulnerabilities
  • HPE released in July a Security Advisory for 3PAR Service Processor outlining a critical authentication bypass risk
  • Also In July NetApp released a high-severity advisory for FAS/AFF Baseboard Management Controller (BMC) and ONTAP
  • In August Dell published a High-severity Security Advisory for PowerMax, covering many dozens of CVE vulnerabilities, and then in October a critical advisory for PowerProtect DD (Data Domain).

These are just very few samples out of hundreds of advisories and thousands of vulnerabilities identified this year alone (to date). This trend requires organizations to develop a more comprehensive, automated process for obtaining current vulnerability info in a timely fashion, detecting vulnerabilities in Storage and Backup platforms at scale and on-demand, and mitigating those found.

The Importance of Comprehensive Vulnerability Scanning 

The increasing number of exploited vulnerabilities in storage and backup solutions underscores the critical need for accurate and comprehensive vulnerability scanning for Storage and Backup platforms.  

Unfortunately, traditional vulnerability assessment tools, have a difficult time scanning Storage and Backup systems – often deployed as hardware arrays or appliances with specialized, non-standard OS.  

How StorageGuard Can Help 

StorageGuard offers a robust solution for comprehensive vulnerability scanning and configuration compliance in storage and backup environments.  

By continuously monitoring for vulnerabilities and providing actionable insights, StorageGuard helps organizations stay ahead of potential threats. Key features include: 

  • Built for Storage and Backup: With specific scanners for nearly all enterprise storage and backup platforms, StorageGuard is the optimal solution for assessing vulnerabilities and hardening Storage and Backup. 
  • Authenticated Scan: Our authenticated scans leverage per-platform commands and APIs to investigate the storage or backup system, and identify accurately vulnerabilities. 
  • Actionable Recommendations: Clear, actionable recommendations for remediation to ensure vulnerabilities are addressed promptly. 
  • Up to date: Our StorageGuard vulnerability database is continuously and timely updated with new information about Storage and Backup system vulnerabilities. 

Conclusion 

The growing number of exploited vulnerabilities in storage and backup solutions highlights the importance of proactive security measures. Organizations must prioritize vulnerability scanning and timely patching to protect their environments from exploitation.  

Solutions like StorageGuard provide the necessary tools to ensure comprehensive vulnerability management, helping organizations stay secure in an increasingly threat-laden landscape. 

Talk To An Expert

It’s time to automate the secure configuration of your storage & backup systems.

Virtual Panel with Check Point, Qualys and Rapid7: Vulnerability Management 2025 Innovations – January 16

Register
We use cookies to enable website functionality, understand the performance of our site, provide social media features, and serve more relevant content to you.
We may also place cookies on our and our partners’ behalf to help us deliver more targeted ads and assess the performance of these campaigns. You may review our
Privacy Policy I Agree