Sensitive Information Disclosure in Acronis Agent and Acronis Cyber Protect
CVE-2022-45457

4.2MEDIUM

Key Information:

Vendor: Acronis
Status: Acronis Agent; Acronis Cyber Protect 15
Vendor: CVE Published:; 18 May 2023

Summary

This vulnerability involves sensitive information disclosure and manipulation due to improper certification validation in Acronis products. Affected versions include Acronis Agent for Windows prior to build 29633 and Acronis Cyber Protect 15 for Windows before build 30984, which may allow unauthorized access to sensitive data. Users are advised to update to the latest builds to mitigate these risks.

Affected Version(s)

Acronis Agent Windows < 29633

Acronis Cyber Protect 15 Windows < 30984

References

https://security-advisory.acronis.com/advisories/SEC-3957

vendor-advisory

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 18, 2023
Vulnerability Reserved
Nov 16, 2022