Sensitive Information Disclosure in Acronis Cyber Protect Home Office
CVE-2023-44208

9.1CRITICAL

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect Home Office; Acronis True Image Oem
Vendor: CVE Published:; 4 October 2023

What is CVE-2023-44208?

This vulnerability arises from a missing authorization mechanism, allowing unauthorized access to sensitive information within the Acronis Cyber Protect Home Office application. This can lead to potential data manipulation, putting user data at risk. Affected users should promptly update to the latest version to mitigate these risks.

Affected Version(s)

Acronis Cyber Protect Home Office Windows < 40713

Acronis True Image OEM Windows < 42575

References

https://security-advisory.acronis.com/advisories/SEC-6587

vendor-advisory

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 4, 2023
Vulnerability Reserved
Sep 26, 2023

CVE-2023-44208 Data

JSON