After identifying a critical security flaw in its products, ConnectWise released a patch for its Recover and R1Soft Server Backup Manager (SBM) products on Friday.

The bug stems from an injection weakness and is rated a high-priority issue. With thousands of R1Soft servers exposed to the internet, ConnectWise warns that hackers may well exploit it for malicious purposes.

Security Bug in ConnectWise MSP

Recover, the ConnectWise software that enables system admins to manage unattended computers remotely, has a critical security bug that can allow an attacker to execute malicious code remotely.

The same bug is present in the ConnectWise R1Soft Server Backup Manager (SBM) secure backup solution, which is widely used for saving important data. The bug was discovered by Code White security researcher Florian Hauser and later detailed by Huntress Labs security researchers John Hammond and Caleb Stewart.

In their report, the researchers warned that hackers who successfully exploit the vulnerability could push ransomware to vulnerable R1Soft servers exposed on the internet. A Shodan scan revealed that over 4,800 R1Soft servers are internet-exposed.

"Whelp, wasn’t expecting this ConnectWise RCE to become public today. Guess we’ll publish on Monday how @HuntressLabs went from a researcher’s tweet to the ability to push ransomware through ~5,000 R1Soft servers that are exposed on Shodan. #staytuned https://t.co/HroDdZ5NYI pic.twitter.com/mHLu6zpwic"
Kyle Hanslovan (@KyleHanslovan), October 28, 2022