Sensitive Information Disclosure in Acronis Cyber Protect Products
CVE-2023-44211

7.1HIGH

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect Cloud Agent; Acronis Cyber Protect 16
Vendor: CVE Published:; 5 October 2023

Summary

A missing authorization vulnerability affects Acronis Cyber Protect products, allowing unauthorized access to sensitive information. This issue impacts multiple builds across the Cyber Protect Cloud Agent and Cyber Protect 16, potentially exposing users' data to risk. Acronis has provided an advisory detailing the affected versions and recommended actions to mitigate this vulnerability.

Affected Version(s)

Acronis Cyber Protect 16 Linux < 37391

Acronis Cyber Protect Cloud Agent Linux < 31637

References

https://security-advisory.acronis.com/advisories/SEC-4061

vendor-advisory

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 5, 2023
Vulnerability Reserved
Sep 26, 2023