Security News > 2022 > October > ConnectWise fixes RCE bug exposing R1Soft backup servers to attacks
ConnectWise has released security updates to address a critical vulnerability in the ConnectWise Recover and R1Soft Server Backup Manager secure backup solutions.
Affected software versions include ConnectWise Recover or earlier and R1Soft SBM v6.16.3 or earlier.
According to a Shodan scan, more than 4,800 Internet-exposed R1Soft servers are likely exposed to attacks if they haven't been patched since ConnectWise has released patches for this RCE bug.
"Affected ConnectWise Recover SBMs have automatically been updated to the latest version of Recover," ConnectWise said.
On the other hand, R1Soft users were advised to "Upgrade the server backup manager to SBM v6.16.4 released October 28, 2022 using the R1Soft upgrade wiki."
The company also recommended patching all impacted R1Soft backup servers as soon as possible.
News URL
Related news
- Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks (source)
- New Cleo zero-day RCE flaw exploited in data theft attacks (source)
- Over 3 million mail servers without encryption exposed to sniffing attacks (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- Over 660,000 Rsync servers exposed to code execution attacks (source)
- SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks (source)
- Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits (source)