Yaniv Valik

Exploitable Storage and Backup Vulnerabilities: A Growing Threat to Enterprise Security  

  • August 8, 2024
  • 4 min read


On July 29, 2024, CISA added CVE-2023-45249, a critical vulnerability in Acronis Cyber Infrastructure (ACI), to its Known Exploited Vulnerabilities (KEV) catalog after observing active exploitation by malicious actors.

The flaw allows unauthenticated remote code execution because affected ACI versions ship with default passwords. Since ACI serves as a storage platform for both production and backup data, an exploited instance has a double effect: it puts large amounts of production data at risk and at the same time jeopardizes the backup copies, which undermines cyber recovery.

A patch has been available for several months, yet many organizations are unaware of it and have not applied it, so exploitation in the wild continues.

Not an Isolated Case: A Growing List of Exploited Vulnerabilities 

The exploitation of ACI is far from an isolated incident. In recent months, multiple vulnerabilities in storage and backup solutions have been discovered and actively exploited. Examples include: 

Veeam Backup & Replication

CVE-2022-26500 and CVE-2022-26501: These vulnerabilities allow remote, unauthenticated attackers to execute arbitrary code on the backup server. They were later exploited by ransomware groups including Monti and Yanluowang, emphasizing the importance of timely patching.

CVE-2023-27532: This high-severity vulnerability allows an unauthenticated attacker on the backup infrastructure network to obtain encrypted credentials stored in the configuration database, which can then be used to gain access to backup infrastructure hosts. It has been exploited by ransomware actors such as the EstateRansomware operation, showing the persistent threat to enterprise environments.

MinIO

CVE-2023-28432: In a cluster deployment, MinIO's Multi-Cloud Object Storage framework can be made to return all of its environment variables, including sensitive values such as MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD, handing an attacker the credentials needed to take over the deployment.

CVE-2023-28434: An attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing PostPolicyBucket.

Both MinIO vulnerabilities were added to CISA's KEV catalog after attackers were caught exploiting them.

Veritas Backup Exec

CVE-2021-27876: This vulnerability allows unauthorized file access through the Backup Exec Agent.

CVE-2021-27877: An improper authentication flaw in the Backup Exec Agent's SHA authentication scheme potentially allows attackers to access sensitive information.

CVE-2021-27878: This vulnerability permits command execution through the Backup Exec Agent, allowing attackers to run arbitrary commands on affected systems.

All three have been actively exploited and are listed in CISA's KEV catalog, highlighting the risks associated with unpatched backup solutions.

Oracle ZFS Storage Appliance

CVE-2020-14871: An easy-to-exploit, actively exploited vulnerability in the Solaris Pluggable Authentication Module (PAM) on which the appliance is built. It allows an unauthenticated attacker to compromise the system, with high impact on confidentiality, integrity and availability.

There Are More Out There 

Exploitable vulnerabilities exist in many more storage and backup systems. Researchers are increasingly publishing proof-of-concept (PoC) exploits for these vulnerabilities, which both demonstrates the ease of exploitation and the severity of impact, and raises the concern that malicious actors will soon use them.

It is only a matter of time until more of these vulnerabilities are actively exploited, putting petabytes of production data at risk along with the backup copies. To name a few examples:

  • Fujitsu ETERNUS's CVE-2022-31794 and CVE-2022-31795 can be used by attackers to destroy virtual backups.
  • Arcserve Unified Data Protection's CVE-2023-26258 is an authentication bypass for which a PoC exploit has been published.
  • Similarly, Veeam's recent critical CVE-2024-29849, an authentication bypass in Veeam Backup Enterprise Manager, drew wide attention, and a PoC exploit has been made available.

The Importance of Comprehensive Vulnerability Scanning 

The increasing number of exploited vulnerabilities in storage and backup solutions underscores the critical need for accurate and comprehensive vulnerability scanning of storage and backup platforms.

Unfortunately, traditional vulnerability assessment tools such as Tenable, Qualys and Rapid7 have a difficult time scanning storage and backup systems, which are often deployed as hardware arrays or appliances running specialized, non-standard operating systems.
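The following is an added example, not code from Continuity, StorageGuard or any of the vendors named above. It shows the core of what a storage-and-backup vulnerability check has to do once an authenticated scan has read the installed version: match each system against a table of exploited CVEs, branch by branch, because vendors typically ship a separate fixed build per maintained release line (ACI has one per 5.x branch) and a simple "newer than X" test is wrong for that. The product keys and the inventory are constructed; the fixed-version strings are taken from the vendors' advisories as recalled here and must be verified against each advisory before the table is relied on.

```python
"""Match a storage/backup inventory against exploited CVEs, branch by branch.

Added example, not Continuity's, StorageGuard's or any vendor's code. The
INVENTORY is constructed; the fixed versions in ADVISORIES are as recalled
from the vendor advisories and must be verified before use.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    cve: str
    product: str            # inventory product key (assumed naming)
    fixed_versions: tuple   # first fixed build per maintained branch
    branch_depth: int       # leading version components that identify a branch


ADVISORIES = (
    # Acronis Cyber Infrastructure: separate fixed build per 5.x minor branch
    Advisory("CVE-2023-45249", "acronis-cyber-infrastructure",
             ("5.0.1-61", "5.1.1-71", "5.2.1-69", "5.3.1-53", "5.4.4-132"), 2),
    # Veeam Backup Enterprise Manager: one fixed build on the 12.x line
    Advisory("CVE-2024-29849", "veeam-enterprise-manager", ("12.1.2.172",), 1),
    # MinIO: date-stamped tags, single release line, both CVEs fixed together
    Advisory("CVE-2023-28432", "minio", ("RELEASE.2023-03-20T20-16-18Z",), 0),
    Advisory("CVE-2023-28434", "minio", ("RELEASE.2023-03-20T20-16-18Z",), 0),
    # Arcserve UDP: fixed in 9.1; older lines need their own hotfix, so they
    # are reported as "unknown-branch" rather than silently passed
    Advisory("CVE-2023-26258", "arcserve-udp", ("9.1",), 1),
)


def version_key(version: str) -> tuple:
    """Comparable key for '5.4.4-132' / '12.1.2.172' style versions.

    MinIO's RELEASE.YYYY-MM-DDTHH-MM-SSZ tags are already chronologically
    ordered as strings, so they are compared verbatim.
    """
    if version.startswith("RELEASE."):
        return (version,)
    return tuple(int(part) for part in re.split(r"[.\-]", version))


def assess(product: str, version: str, advisory: Advisory):
    """Return 'vulnerable', 'fixed', 'unknown-branch', or None if not applicable."""
    if product != advisory.product:
        return None
    installed = version_key(version)
    depth = advisory.branch_depth
    for fixed in advisory.fixed_versions:
        fixed_key = version_key(fixed)
        if installed[:depth] == fixed_key[:depth]:
            # Tuple comparison: (5,4,4,100) < (5,4,4,132) and (9,0) < (9,1)
            return "vulnerable" if installed < fixed_key else "fixed"
    # No fixed build known for this branch: flag it for a manual check
    # instead of reporting the system clean.
    return "unknown-branch"


def scan(inventory):
    """Return (host, cve, status) for every match that is not 'fixed'."""
    findings = []
    for host, product, version in inventory:
        for advisory in ADVISORIES:
            status = assess(product, version, advisory)
            if status is not None and status != "fixed":
                findings.append((host, advisory.cve, status))
    return findings


# Constructed sample inventory (hostnames and installed versions are made up)
INVENTORY = (
    ("aci-node-01", "acronis-cyber-infrastructure", "5.4.4-100"),
    ("aci-node-02", "acronis-cyber-infrastructure", "5.4.4-132"),
    ("aci-node-03", "acronis-cyber-infrastructure", "5.5.0-10"),
    ("vbem-01", "veeam-enterprise-manager", "12.1.1.500"),
    ("minio-01", "minio", "RELEASE.2023-02-27T18-10-45Z"),
    ("minio-02", "minio", "RELEASE.2023-05-04T21-44-30Z"),
    ("arcserve-01", "arcserve-udp", "9.0"),
    ("arcserve-02", "arcserve-udp", "8.1"),
)

if __name__ == "__main__":
    for host, cve, status in scan(INVENTORY):
        print(f"{host:12} {cve:15} {status}")
```

Two caveats matter in practice. First, a branch with no known fixed build comes out as "unknown-branch" on purpose: a scanner that treats "no match" as "not affected" will pass an unpatched 5.5 ACI node or an 8.1 Arcserve server that still needs its own hotfix. Second, some vendors ship fixes as patches on top of an unchanged build number (Veeam's date-stamped "P" patches, for example), so an authenticated scan has to read the installed patch level, not just the version string, or it will report false negatives.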

How StorageGuard Can Help 

StorageGuard offers a solution for comprehensive vulnerability scanning and configuration compliance in storage and backup environments.

By continuously monitoring for vulnerabilities and providing actionable insights, StorageGuard helps organizations stay ahead of potential threats. Key features include:

  • Built for storage and backup: With specific scanners for nearly all enterprise storage and backup platforms, StorageGuard is designed for assessing vulnerabilities in, and hardening, storage and backup systems.
  • Authenticated scans: Our authenticated scans use per-platform commands and APIs to inspect the storage or backup system and identify vulnerabilities accurately.
  • Actionable recommendations: Clear remediation guidance so that vulnerabilities are addressed promptly.
  • Up to date: The StorageGuard vulnerability database is continuously updated with new information about storage and backup system vulnerabilities.

Conclusion 

The growing number of exploited vulnerabilities in storage and backup solutions highlights the importance of proactive security measures. Organizations must prioritize vulnerability scanning and timely patching to protect these environments from exploitation.

Solutions like StorageGuard provide the necessary tools to ensure comprehensive vulnerability management, helping organizations stay secure in an increasingly threat-laden landscape. 
