Sensitive Information Disclosure in Acronis Agent by Acronis
CVE-2023-45240

5.5MEDIUM

Key Information:

Vendor: Acronis
Status: Acronis Agent
Vendor: CVE Published:; 5 October 2023

Summary

A vulnerability exists in Acronis Agent that allows for sensitive information disclosure due to inadequate authorization mechanisms. This affects the Acronis Agent across Linux, macOS, and Windows platforms, specifically prior to build 35739. Attackers could potentially exploit this flaw to access restricted data, heightening security concerns and posing risks to data integrity and privacy.

Affected Version(s)

Acronis Agent Linux < 35739

References

https://security-advisory.acronis.com/advisories/SEC-5904

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 5, 2023
Vulnerability Reserved
Oct 5, 2023