Sensitive Information Disclosure in Acronis Agent by Acronis
CVE-2023-44210

7.3HIGH

Key Information:

Vendor: Acronis
Status: Acronis Agent
Vendor: CVE Published:; 4 October 2023

Summary

Acronis Agent products on Linux, macOS, and Windows contain a vulnerability that allows unauthorized access to sensitive information. This flaw results from a missing authorization mechanism, which could be exploited by attackers to manipulate or disclose confidential data. Users of affected versions should update to build 29258 or later to mitigate this risk.

Affected Version(s)

Acronis Agent Linux < 29258

References

https://security-advisory.acronis.com/advisories/SEC-2159

vendor-advisory

https://security-advisory.acronis.com/SEC-5528

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 4, 2023
Vulnerability Reserved
Sep 26, 2023