Sensitive Information Disclosure in Acronis Cyber Protect Products
CVE-2023-45247

7.1HIGH

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect Cloud Agent; Acronis Cyber Protect 16
Vendor: CVE Published:; 9 October 2023

What is CVE-2023-45247?

A vulnerability exists in Acronis Cyber Protect products that allows unauthorized access to sensitive information due to missing authorization checks. This exposure may lead to data manipulation, putting users at risk. The affected versions include Acronis Cyber Protect Cloud Agent prior to build 36497 and Acronis Cyber Protect 16 prior to build 39169. Users are urged to update their software to mitigate potential risks.

Affected Version(s)

Acronis Cyber Protect 16 Linux < 39169

Acronis Cyber Protect Cloud Agent Linux < 36497

References

https://security-advisory.acronis.com/advisories/SEC-6600

vendor-advisory

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 9, 2023
Vulnerability Reserved
Oct 5, 2023