Sensitive Information Disclosure Vulnerability in Acronis Cyber Protect Products
CVE-2023-45244

7.1HIGH

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect Cloud Agent; Acronis Cyber Protect 16
Vendor: CVE Published:; 6 October 2023

What is CVE-2023-45244?

A vulnerability exists within Acronis Cyber Protect products, allowing unauthorized access to sensitive information due to inadequate authorization checks. Specifically, this affects Acronis Cyber Protect Cloud Agent and Acronis Cyber Protect 16 across multiple operating systems prior to specific builds. Attackers could exploit this flaw to manipulate or access sensitive data without sufficient permissions, leading to potential data breaches.

Affected Version(s)

Acronis Cyber Protect 16 Linux < 37391

Acronis Cyber Protect Cloud Agent Linux < 35895

References

https://security-advisory.acronis.com/advisories/SEC-5907

vendor-advisory

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 6, 2023
Vulnerability Reserved
Oct 5, 2023