Trust Center


Welcome to Pax8's Trust Center. We earn your trust by doing what we say we'll do and by being transparent with our customers and stakeholders, which is why we've provided our security, compliance, and privacy information in one easy-to-access site.

Trust thrives in situations where everyone can win together. This is especially important for managed service providers (MSPs), because they are entrusted to protect the critical IT infrastructure and data of their clients. We recognize that our customers can only deliver on their promises when Pax8 operates as a trustworthy partner.

Pax8's security and privacy programs are led by industry veterans with decades of experience:

  • Robb Reck: Chief Trust & Security Officer
  • Carrie Schiff: Chief Legal Officer

Documents

REPORTS: Pentest Report

We follow industry best practices for endpoint security. We are happy to provide more details about our endpoint security practices upon request.

We protect our corporate network against external & internal threats.

Trust Center Updates

Pax8 Security Advisory: Veeam Backup and Replication (VBR) Vulnerability (CVE-2024-40711)

Vulnerabilities

This Pax8 Security Alert is a notification of a potential security threat for partners who are using Veeam Backup and Replication.

A critical vulnerability in Veeam Backup and Replication requires immediate attention. Exploitation of this remote code execution vulnerability has been reported and poses a significant threat. The vulnerability was made public in September 2024, and a product version has been released to address it. Users of Veeam Backup products should patch before exploitation occurs.

About this Vulnerability

The vulnerability could potentially allow remote code execution on systems running Veeam Backup and Replication version 12.1.2, leading to full system compromise.

The technical details of how this vulnerability has been exploited were reported as follows: "Each time, the attackers exploited VEEAM on the URI /trigger on port 8000, triggering the Veeam.Backup.MountService.exe to spawn net.exe. The exploit creates a local account, 'point,' adding it to the local Administrators and Remote Desktop Users groups."
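The process relationship in that report (Veeam.Backup.MountService.exe spawning net.exe to create and elevate a local account) can be hunted for in process-creation logs. The following is an added example, not code from Pax8 or Veeam: it assumes events exported one JSON record per line with the Sysmon Event ID 1 field names `ParentImage`, `Image` and `CommandLine`, and all sample events are constructed.

```python
import json
import re
from ntpath import basename  # parses Windows paths on any OS

# Constructed sample: one JSON record per line, using Sysmon Event ID 1
# field names. Paths, times and the REDACTED password are made up.
SAMPLE_EVENTS = r"""
{"UtcTime": "2024-10-01 02:11:04", "ParentImage": "C:\\Veeam\\Veeam.Backup.MountService.exe", "Image": "C:\\Windows\\System32\\net.exe", "CommandLine": "net user point REDACTED /add"}
{"UtcTime": "2024-10-01 02:11:05", "ParentImage": "C:\\Veeam\\Veeam.Backup.MountService.exe", "Image": "C:\\Windows\\System32\\net.exe", "CommandLine": "net localgroup Administrators point /add"}
{"UtcTime": "2024-10-01 02:11:06", "ParentImage": "C:\\Veeam\\Veeam.Backup.MountService.exe", "Image": "C:\\Windows\\System32\\net1.exe", "CommandLine": "net1 localgroup \"Remote Desktop Users\" point /add"}
{"UtcTime": "2024-10-01 09:30:00", "ParentImage": "C:\\Windows\\System32\\cmd.exe", "Image": "C:\\Windows\\System32\\net.exe", "CommandLine": "net user helpdesk REDACTED /add"}
{"UtcTime": "2024-10-01 09:45:00", "ParentImage": "C:\\Veeam\\Veeam.Backup.MountService.exe", "Image": "C:\\Windows\\System32\\conhost.exe", "CommandLine": "conhost.exe"}
"""

PARENT = "veeam.backup.mountservice.exe"
CHILDREN = {"net.exe", "net1.exe"}  # net.exe commonly hands off to net1.exe
USER_ADD = re.compile(r"\buser\s+(\S+)\s.*?/add\b", re.I)
GROUP_ADD = re.compile(r'\blocalgroup\s+("[^"]+"|\S+)\s+(\S+)\s+/add\b', re.I)

def detect(lines):
    """Return one finding per net.exe/net1.exe launch by the Veeam mount service."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        if basename(ev["ParentImage"]).lower() != PARENT:
            continue  # only the service named in the advisory
        if basename(ev["Image"]).lower() not in CHILDREN:
            continue  # other children of the service are out of scope here
        cmd = ev["CommandLine"]
        hit = {"time": ev["UtcTime"], "cmd": cmd, "account": None, "group": None}
        if m := GROUP_ADD.search(cmd):    # account added to a local group
            hit["group"], hit["account"] = m.group(1).strip('"'), m.group(2)
        elif m := USER_ADD.search(cmd):   # local account created
            hit["account"] = m.group(1)
        findings.append(hit)
    return findings

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS.splitlines()):
        print(f["time"], f["account"], f["group"] or "(account created)", "|", f["cmd"])
```

The rule keys on the parent/child pair rather than the account name, so it still fires if a different account name is used; the benign `net user` launched from cmd.exe in the sample is not flagged.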

Potential Impact

Systems operating on version 12.1.2 are at risk. Attackers could exploit this vulnerability to move laterally within infrastructure or to deploy ransomware or other malicious software.

Recommended Immediate Patching Actions

The Pax8 Security team advises following the Veeam recommendation: patch version 12.1.2 of Veeam Backup and Replication by updating to version 12.2.

References

  • Veeam Security Bulletin (September 2024)
  • Critical Veeam Vulnerability Exploited (The Hacker News)

Pax8 Security Advisory: OpenSSH Vulnerability (regreSSHion CVE-2024-6387)

Vulnerabilities

This Pax8 Security Advisory is a notification of a potential security threat.

A critical OpenSSH vulnerability requires immediate attention. Remote Code Execution Vulnerabilities are rare but pose a significant threat. The vulnerability has been validated in a lab environment by Qualys and was made public on 1 July 2024. Use this brief window to patch before exploitation begins.

About this Vulnerability

The vulnerability could potentially allow remote code execution on systems accessible over SSH (port 22) as the 'root' user, leading to full system compromise.

Potential Impact

Systems with exposed port 22 are at risk. Attackers could exploit this vulnerability to move laterally within infrastructure or to deploy ransomware or other malicious software.

Recommended Immediate Patching Actions

Pax8 Security team advises patching the following versions of OpenSSH:

  • OpenSSH versions before 4.4p1
  • OpenSSH versions 8.5p1 through, but not including, 9.8p1


If you need help using this Trust Center, please contact us.
