CVE-2020-15851

Lack of access control in Nakivo Backup & Replication Transporter version 9.4.0.r43656 allows remote users to access unencrypted backup repositories and the Nakivo Controller configuration via a network accessible transporter service. It is also possible to create or delete backup repositories.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
VendorProductVersion
nakivobackup_\&_replication_transporter
9.4.0.r43656:r43656
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://helpcenter.nakivo.com/display/RN/v10.3+Release+Notes
https://labs.f-secure.com/advisories/nakivo-backup-and-replication-multiple-vulnerabilities
https://helpcenter.nakivo.com/display/RN/v10.3+Release+Notes
https://labs.f-secure.com/advisories/nakivo-backup-and-replication-multiple-vulnerabilities