Information security specialists report the detection of two vulnerabilities in Bareos open-source software to back up, archive and restore files on the main operating systems. According to the report, the successful exploitation of these flaws would allow the deployment of dangerous hacking tasks.

Below are brief descriptions of the reported flaws, as well as their respective tracking keys and scores according to the Common Vulnerability Scoring System (CVSS).

CVE-2022-24756: A memory leak during PAM authentication in the Bareos Director component would allow remote threat actors to force a denial of service (DoS) attack on the affected system.  

The vulnerability received a CVSS score of 6.5/10 and is considered a medium severity flaw, as mentioned by information security specialists.

CVE-2022-24755: On the other hand, this flaw exists due to improper authorization during PAM authentication in the Bareos Director component, which would allow remote malicious hackers to evade authentication and gain administrative access to the affected system.

Because this flaw would allow privilege escalation attacks to be performed, it is considered a severe error and was assigned a CVSS score of 7.1/10.

According to the report, the vulnerabilities reside in all versions of Bareos between v19.2.4 and v21.0.1.

While these vulnerabilities can be exploited by remote threat actors not authenticated over the Internet, no malicious exploitation attempts associated with these reports have been detected so far. Still, the developers of Bareos recommend users of affected deployments to apply the available patches as soon as possible.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post Critical memory leak and authorization vulnerability in Bareos, a backup and archiving solution appeared first on Information Security Newspaper | Hacking News.

source

You May Also Like

Critical vulnerability in cardiology medical devices would allow hackers to provoke heart attacks on victims

Cybersecurity specialists report the detection of a critical vulnerability in some devices…

Former FBI agent on trial for theft of classified cybersecurity and terrorism information

A recent report states that an analyst at the Federal Bureau of…

4 critical vulnerabilities in Moodle, an open-source learning platform/course management system (CMS)

Cybersecurity specialists reported the detection of multiple security flaws at Moodle, a…

Unpatched severe vulnerability with CVVS score of 7.7 in VMware’s Cloud Foundation, ESXi, Fusion and Workstation platforms

Cybersecurity specialists report the detection of a critical vulnerability in some VMware…