Sensitive Information Disclosure and Manipulation in Acronis Cyber Protect Products
CVE-2023-45246

7.1HIGH

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect Cloud Agent; Acronis Cyber Protect 16
Vendor: CVE Published:; 6 October 2023

Summary

A vulnerability has been identified in Acronis Cyber Protect products that allows for sensitive information disclosure and manipulation due to missing authorization mechanisms. Users of Acronis Cyber Protect Cloud Agent and Acronis Cyber Protect 16 on Linux, macOS, and Windows platforms, especially those running builds prior to 36343 and 39169 respectively, are advised to review the detailed advisory and implement the necessary updates to safeguard their systems.

Affected Version(s)

Acronis Cyber Protect 16 Linux < 39169

Acronis Cyber Protect Cloud Agent Linux < 36343

References

https://security-advisory.acronis.com/advisories/SEC-5903

vendor-advisory

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 6, 2023
Vulnerability Reserved
Oct 5, 2023