Sensitive Information Disclosure in Acronis Agent by Acronis
CVE-2023-45242

5.5MEDIUM

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect Cloud Agent; Acronis Cyber Protect 17
Vendor: CVE Published:; 5 October 2023

What is CVE-2023-45242?

A vulnerability in Acronis Agent across Linux, macOS, and Windows platforms allows unauthorized access to sensitive information due to inadequate authorization protocols implemented before build 35739. If left unaddressed, this weakness could potentially expose confidential data, risking user privacy and data integrity.

Affected Version(s)

Acronis Cyber Protect 17 Linux < 41186

Acronis Cyber Protect Cloud Agent Linux < 35739

References

https://security-advisory.acronis.com/advisories/SEC-6018

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 5, 2023
Vulnerability Reserved
Oct 5, 2023

CVE-2023-45242 Data

JSON