CVE-2023-48646 – Remote Code Execution Vulnerability in RecoveryManager Plus

Vulnerability Details
Severity	Low
CVE ID	CVE-2023-48646
Affected software versions	6062 and below
Fixed version	6070
Fixed on	June 30, 2023

Details

RecoveryManager Plus builds 6062 and older were reported to have an authenticated remote code execution vulnerability. This has been fixed in the build 6070; its release notes can be found here.

Impact

An authenticated user with admin privileges can remotely execute codes on the machine where RecoveryManager Plus is installed through proxy settings.

Steps to update

Update your RecoveryManager Plus instance to 6070 using the service pack.

Acknowledgements

This vulnerability was discovered by hir0ot working with Trend Micro Zero Day Initiative.

Active Directory Backup

Azure AD Backup

Microsoft Office 365 Backup

Google Workspace Backup

Exchange Backup

Zoho WorkDrive Backup

Microsoft 365 Data Protection

Cloud Data Protection

Security Updates

CVE-2023-48646 – Remote Code Execution Vulnerability in RecoveryManager Plus

Details

Impact

Steps to update

Acknowledgements

A single pane of glass for AD, Azure AD, Microsoft 365, Google Workspace, Exchange, and Zoho WorkDrive backup.