Unauthenticated Path Traversal Vulnerability in Acronis Cloud Manager by Acronis
CVE-2023-41747

6.5MEDIUM

Key Information:

Vendor: Acronis
Status: Acronis Cloud Manager
Vendor: CVE Published:; 31 August 2023

Summary

The vulnerability in Acronis Cloud Manager allows unauthenticated users to access sensitive information through improper validation of file paths. By exploiting this path traversal issue, attackers could potentially gain unauthorized access to critical system files, leading to data exposure. Users are urged to upgrade to the latest build 6.2.23089.203 or later to mitigate this security risk.

Affected Version(s)

Acronis Cloud Manager Windows < 6.2.23089.203

References

https://security-advisory.acronis.com/advisories/SEC-5811

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 31, 2023
Vulnerability Reserved
Aug 31, 2023

Credit

@putsi (https://hackerone.com/putsi)