Improper Certification Validation in Acronis Agent and Cyber Protect by Acronis
CVE-2022-45458

4.2MEDIUM

Key Information:

Vendor: Acronis
Status: Acronis Agent; Acronis Cyber Protect 15
Vendor: CVE Published:; 18 May 2023

Summary

A vulnerability exists in Acronis Agent and Acronis Cyber Protect due to improper validation of certification which can lead to sensitive information disclosure and unauthorized manipulation of data. Applications affected include Acronis Agent for Windows, macOS, and Linux before build 29633, and Acronis Cyber Protect 15 for the same platforms before build 30984. Users are encouraged to update their software to mitigate the risks associated with this vulnerability.

Affected Version(s)

Acronis Agent Windows < 29633

Acronis Cyber Protect 15 Windows < 30984

References

https://security-advisory.acronis.com/advisories/SEC-3952

vendor-advisory

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 18, 2023
Vulnerability Reserved
Nov 16, 2022