Sensitive Information Leak in Acronis Cyber Protect Products by Acronis
CVE-2023-45241

4.4MEDIUM

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect Cloud Agent; Acronis Cyber Protect 16
Vendor: CVE Published:; 5 October 2023

Summary

A vulnerability has been identified in Acronis Cyber Protect Cloud Agent and Acronis Cyber Protect 16 that allows for sensitive information to be leaked through log files. This issue affects multiple platforms including Linux, macOS, and Windows, making it critical for users to update their software to the latest builds to mitigate the risk of data exposure. Users are encouraged to consult Acronis security advisories for comprehensive guidance on remediation steps.

Affected Version(s)

Acronis Cyber Protect 16 Linux < 37391

Acronis Cyber Protect Cloud Agent Linux < 35739

References

https://security-advisory.acronis.com/advisories/SEC-5999

vendor-advisory

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 5, 2023
Vulnerability Reserved
Oct 5, 2023