Sensitive Information Disclosure in Acronis Cyber Protect Products
CVE-2023-44213

5.5MEDIUM

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect Cloud Agent; Acronis Cyber Protect 16
Vendor: CVE Published:; 5 October 2023

Summary

The vulnerability allows unauthorized access to sensitive system information due to the excessive collection of data by Acronis Cyber Protect products. This flaw affects multiple versions of Acronis Cyber Protect Cloud Agent and Acronis Cyber Protect 16 for Windows, potentially exposing critical user data to attackers. Users are urged to update to the latest builds to mitigate this risk.

Affected Version(s)

Acronis Cyber Protect 16 Windows < 37391

Acronis Cyber Protect Cloud Agent Windows < 35739

References

https://security-advisory.acronis.com/advisories/SEC-5286

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 5, 2023
Vulnerability Reserved
Sep 26, 2023