CVE-2020-15851

9.8 CRITICAL

📋 TL;DR

CVE-2020-15851 is a critical access control vulnerability in Nakivo Backup & Replication Transporter that allows remote attackers to access unencrypted backup repositories and configuration data, and create or delete repositories. This affects version 9.4.0.r43656 of the software. Organizations using this vulnerable version are at risk of data exposure and system compromise.

💻 Affected Systems

Products:
  • Nakivo Backup & Replication Transporter
Versions: Version 9.4.0.r43656 specifically
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: The transporter service runs on port 9446 by default and is network-accessible in typical deployments.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of backup infrastructure leading to data theft, ransomware deployment, destruction of backup repositories, and lateral movement to other systems.

🟠 Likely Case

Unauthorized access to sensitive backup data including potentially regulated information, configuration theft enabling further attacks, and backup repository manipulation.

🟢 If Mitigated

Limited impact if proper network segmentation and access controls prevent unauthorized network access to the transporter service.

🌐 Internet-Facing: HIGH - Directly exploitable over network without authentication, exposing backup data to internet attackers.
🏢 Internal Only: HIGH - Even internally, any network-accessible instance can be exploited by malicious insiders or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires no authentication and has publicly available technical details, making exploitation straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 10.3 and later

Vendor Advisory: https://helpcenter.nakivo.com/display/RN/v10.3+Release+Notes

Restart Required: Yes

Instructions:

1. Download Nakivo Backup & Replication version 10.3 or later from the vendor portal.
2. Back up the current configuration.
3. Run the installer to upgrade.
4. Restart all Nakivo services.
5. Verify functionality.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict network access to the transporter service (port 9446) to only authorized management systems.

Firewall Rules

all

Implement firewall rules to block external access to Nakivo transporter service.

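# Example Linux iptables rule
# Drops all inbound TCP traffic to port 9446, management hosts included;
# place an ACCEPT rule for authorized sources ahead of it if they still need access.
iptables -A INPUT -p tcp --dport 9446 -j DROP
# Example Windows PowerShell
# Blocks all inbound TCP traffic to port 9446 on this host.
New-NetFirewallRule -DisplayName "Block Nakivo Transporter" -Direction Inbound -LocalPort 9446 -Protocol TCP -Action Block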

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Nakivo systems from untrusted networks
  • Monitor for unusual access patterns to port 9446 and review access logs regularly

🔍 How to Verify

Check if Vulnerable:

Check Nakivo Transporter version in web interface or configuration files. Version 9.4.0.r43656 is vulnerable.

Check Version:

On Linux: cat /opt/nakivo/transporter/version.txt
On Windows: Check version in installed programs list or Nakivo web interface

Verify Fix Applied:

Verify version is 10.3 or later in the Nakivo web interface or via the nakivo-backup command line tool.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to port 9446
  • Unexpected repository creation/deletion events
  • Unusual configuration changes

Network Indicators:

  • External connections to port 9446
  • Unusual data transfers from Nakivo systems

SIEM Query:

(dest_port=9446 AND src_ip NOT IN [authorized_management_ips]) OR event_type="repository_creation" OR event_type="repository_deletion"
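The logic of the SIEM query above, written out as an added Python example (not vendor code and not part of the original advisory) that triages normalized key=value records for connections to the transporter port from outside an allowlist and for repository creation or deletion events. The record format, the field names `src_ip`, `dest_port` and `event_type`, the management network and the sample lines are all assumptions constructed for illustration.

```python
import ipaddress
import shlex

TRANSPORTER_PORT = 9446  # default transporter port named on this page
# Assumption: placeholder management network; replace with your own.
AUTHORIZED_MGMT = [ipaddress.ip_network("10.20.0.0/28")]
REPO_EVENTS = {"repository_creation", "repository_deletion"}

def parse_record(line):
    """Parse one key=value record (hypothetical normalized log format)."""
    fields = {}
    for token in shlex.split(line):  # shlex strips quotes around values
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields

def is_authorized(src_ip):
    """True only if src_ip parses and falls inside an allowlisted network."""
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return False  # an unparseable source is treated as unauthorized
    return any(addr in net for net in AUTHORIZED_MGMT)

def triage(lines):
    """Return (line_number, reason) for every record that needs review."""
    alerts = []
    for n, line in enumerate(lines, 1):
        rec = parse_record(line)
        src = rec.get("src_ip", "")
        if rec.get("dest_port") == str(TRANSPORTER_PORT) and not is_authorized(src):
            alerts.append((n, f"unauthorized source {src or 'unknown'} reached port {TRANSPORTER_PORT}"))
        if rec.get("event_type") in REPO_EVENTS:
            alerts.append((n, f"{rec['event_type']} event; confirm against change records"))
    return alerts

# Constructed sample records, not real Nakivo or firewall output.
SAMPLE = [
    'ts=2020-07-20T10:00:01Z src_ip=10.20.0.5 dest_port=9446 action=allow',
    'ts=2020-07-20T10:03:12Z src_ip=203.0.113.77 dest_port=9446 action=allow',
    'ts=2020-07-20T10:03:40Z event_type="repository_deletion" repo=constructed-repo-01',
    'ts=2020-07-20T10:05:00Z src_ip=10.20.0.5 dest_port=443 action=allow',
    'ts=2020-07-20T10:06:00Z src_ip=not-an-ip dest_port=9446 action=allow',
]

if __name__ == "__main__":
    for lineno, reason in triage(SAMPLE):
        print(f"line {lineno}: {reason}")
```

Records with a malformed source address are flagged rather than skipped, so a logging or parsing fault cannot hide a connection to the transporter port.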
