Sensitive Information Disclosure in Acronis Agent and Acronis Cyber Protect by Acronis
CVE-2023-41745

6.1MEDIUM

Key Information:

Vendor: Acronis
Status: Acronis Agent; Acronis Cyber Protect 15
Vendor: CVE Published:; 31 August 2023

Summary

The Acronis Agent and Acronis Cyber Protect products are prone to a vulnerability that allows for the excessive collection of system information, potentially leading to sensitive information disclosure. This issue affects multiple platforms including Linux, macOS, and Windows for both the Acronis Agent and Acronis Cyber Protect 15 software. Users are encouraged to upgrade to the latest builds to mitigate risks associated with this vulnerability.

Affected Version(s)

Acronis Agent Linux < 30991

Acronis Cyber Protect 15 Linux < 35979

References

https://security-advisory.acronis.com/advisories/SEC-2008

vendor-advisory

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 31, 2023
Vulnerability Reserved
Aug 31, 2023