StorageCraft | Image Manager Exploit
The specific flaw involves improper input neutralization during the creation of recovery points. By sending a maliciously crafted backup header to ImageManager, an attacker could force the service to execute arbitrary code on the host operating system.
The most severe exploits targeting ImageManager fall into a single terrifying category: . In late 2021 and early 2022, researchers, including those at Cortex Xpanse, identified that legacy versions of StorageCraft ImageManager (specifically versions prior to 7.8.1) were shipping with a default, hardcoded, or entirely missing authentication mechanism on their management API.
To protect against exploitation of backup infrastructure, Arcserve and security experts recommend: Encryption: Always enable ShadowProtect SPX
: Standard installations of ImageManager often have ports 8888 or 32846 open. Attackers can use these ports to identify the software version and target unpatched instances.
: Security researchers identified a flaw where ImageManager stored FTPS passwords in a way that could be retrieved and decrypted by an attacker with local administrator access. This allows a sophisticated ransomware actor to "nuke" off-site recovery options by accessing the replication destination and deleting backups.
To understand the severity of the exploit, one
The Arcserve UDP Connection
Since StorageCraft's acquisition by Arcserve, many ImageManager environments are integrated with . This platform has faced several critical vulnerabilities recently: