ConnectWise has released security updates for its ConnectWise Recover and R1Soft Server Backup Manager (SBM) secure backup solutions that address a critical vulnerability in those products.
In an advisory published today, the company describes the security flaw as an injection vulnerability: special elements in output are not adequately neutralized before being passed to a downstream component.
The affected software includes ConnectWise Recover (earlier versions of the product) and R1Soft SBM versions 6.16.3 and earlier.
Several security researchers have reported that this critical vulnerability could expose confidential information or allow attackers to execute code remotely.
The advisory also categorizes this as a high-priority issue, meaning that it may already be exploited in attacks or is at high risk of being targeted in the wild if it is not addressed immediately.
In a report released by Huntress Labs CEO Kyle Hanslovan, Huntress researchers describe how they rediscovered and expanded on the vulnerability originally found by Code White security researcher Florian Hauser. According to Hanslovan, the vulnerability can be exploited to spread ransomware to thousands of R1Soft servers exposed to the Internet.
According to a Shodan scan, approximately 4,800 Internet-exposed R1Soft servers may be vulnerable to this RCE bug, since they may not yet have been patched even though ConnectWise has released fixes for the issue.
ConnectWise announced that automatic updates (v2.9.9) have been applied to the ConnectWise Recover SBMs impacted by the vulnerability.
Cryptree users, on the other hand, are advised to upgrade their R1Soft backup manager to the latest release, SBM v6.16.4, released on October 28, 2022, by following the steps detailed in the R1Soft upgrade wiki.
The company recommends that all impacted R1Soft backup servers be patched as soon as possible.
Cybersecurity professionals always strongly encourage patching critical vulnerabilities, but many consider doing so on a Friday evening to be a potentially disastrous timing decision.
The reason is that malicious actors move to compromise Internet-exposed servers, such as websites, as soon as they discover a vulnerability.
Hackers also tend to be especially active on weekends, since most IT and security teams are away from their computers at those times.
An end-of-the-week release therefore makes it harder to patch vulnerable servers before the weekend, potentially leaving more systems exposed to attack for a few days, especially if the release coincides with a holiday weekend.
There is a concern that failing to patch the R1Soft SBM backup solution quickly could lead to a significant security incident, because the product is a popular tool among managed service providers and cloud hosting providers.