Security News > 2022 > October > ConnectWise fixes RCE bug exposing R1Soft backup servers to attacks
ConnectWise has released security updates to address a critical vulnerability in the ConnectWise Recover and R1Soft Server Backup Manager secure backup solutions.
Affected software versions include ConnectWise Recover or earlier and R1Soft SBM v6.16.3 or earlier.
According to a Shodan scan, more than 4,800 Internet-exposed R1Soft servers are likely exposed to attacks if they haven't been patched since ConnectWise has released patches for this RCE bug.
"Affected ConnectWise Recover SBMs have automatically been updated to the latest version of Recover," ConnectWise said.
On the other hand, R1Soft users were advised to "Upgrade the server backup manager to SBM v6.16.4 released October 28, 2022 using the R1Soft upgrade wiki."
The company also recommended patching all impacted R1Soft backup servers as soon as possible.
News URL
Related news
- Exploit released for Fortinet RCE bug used in attacks, patch now (source)
- Crafting Shields: Defending Minecraft Servers Against DDoS Attacks (source)
- 17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns (source)
- Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks (source)
- New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks (source)
- New HTTP/2 DoS attack can crash web servers with a single connection (source)
- Critical RCE bug in 92,000 D-Link NAS devices now exploited in attacks (source)
- Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks (source)