Security News > 2022 > October > ConnectWise fixes RCE bug exposing R1Soft backup servers to attacks
ConnectWise has released security updates to address a critical vulnerability in the ConnectWise Recover and R1Soft Server Backup Manager secure backup solutions.
Affected software versions include ConnectWise Recover or earlier and R1Soft SBM v6.16.3 or earlier.
According to a Shodan scan, more than 4,800 Internet-exposed R1Soft servers are likely exposed to attacks if they haven't been patched since ConnectWise has released patches for this RCE bug.
"Affected ConnectWise Recover SBMs have automatically been updated to the latest version of Recover," ConnectWise said.
On the other hand, R1Soft users were advised to "Upgrade the server backup manager to SBM v6.16.4 released October 28, 2022 using the R1Soft upgrade wiki."
The company also recommended patching all impacted R1Soft backup servers as soon as possible.
News URL
Related news
- New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- 'Patch yesterday': Zimbra mail servers under siege through RCE vuln (source)
- Critical Zimbra RCE flaw exploited to backdoor servers using emails (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- CISA says critical Fortinet RCE flaw now exploited in attacks (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) (source)
- Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)