Sensitive Information Disclosure in Acronis Agent by Acronis
CVE-2023-44212

7.3HIGH

Key Information:

Vendor: Acronis
Status: Acronis Agent
Vendor: CVE Published:; 5 October 2023

Summary

Acronis Agent versions prior to build 31477 are susceptible to a vulnerability that allows unauthorized users to access and manipulate sensitive information due to inadequate authorization measures. This flaw could lead to significant privacy breaches, as unauthorized users might exploit this weakness to obtain confidential data, making it essential for users to update to the latest version of the product. For detailed information and mitigation steps, refer to the Acronis advisory at SEC-5528.

Affected Version(s)

Acronis Agent Linux < 31477

References

https://security-advisory.acronis.com/advisories/SEC-5528

vendor-advisory

https://security-advisory.acronis.com/SEC-2159

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 5, 2023
Vulnerability Reserved
Sep 26, 2023