Critical Vulnerability in ConnectWise Recover and R1Soft Server Backup Manager
2 November 2022
ConnectWise has released security updates to address a critical remote code execution (RCE) vulnerability (CVE-2022-36537) affecting the ZK framework used in ConnectWise Recover and R1Soft Server Backup Manager (SBM) secure backup solutions.
Successful exploitation of the vulnerability could allow an attacker to perform remote code execution or directly access confidential data.
The vulnerability affects the following products:
- ConnectWise Recover version 2.9.7 and earlier versions
- R1Soft SBM version 6.16.3 and earlier versions
Affected ConnectWise Recover SBMs have automatically been updated to the latest version 2.9.9. Administrators and users of affected R1Soft SBM versions are advised to upgrade to version 6.16.4 immediately.
More information is available here:
https://www.connectwise.com/company/trust/security-bulletins/r1soft-and-recover-security-bulletin
https://www.bleepingcomputer.com/news/security/connectwise-fixes-rce-bug-exposing-thousands-of-servers-to-attacks/