Sensitive Information Disclosure in Acronis Cyber Protect Cloud Agent
CVE-2023-48684

7.1HIGH

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect Cloud Agent
Vendor: CVE Published:; 29 April 2024

Summary

The vulnerability results from inadequate authorization checks within the Acronis Cyber Protect Cloud Agent, permitting unauthorized access to sensitive information. Attackers exploiting this flaw can manipulate data and potentially escalate their access privileges. The issue affects users of the software on Linux, macOS, and Windows platforms prior to build 37758, making prompt updates essential to mitigate risks.

Affected Version(s)

Acronis Cyber Protect Cloud Agent Linux < 37758

References

https://security-advisory.acronis.com/advisories/SEC-6021

vendor-advisory

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 29, 2024