Sensitive Information Disclosure in Acronis Cyber Protect Home Office by Acronis
CVE-2023-5042

5.5MEDIUM

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect Home Office
Vendor: CVE Published:; 20 September 2023

Summary

A vulnerability has been identified in Acronis Cyber Protect Home Office for Windows, which stems from insecure folder permissions. This flaw allows unauthorized access to sensitive information, exposing user data to potential risks. Affected versions include all builds prior to 40713. Users are advised to update their software to mitigate the risk of data exposure.

Affected Version(s)

Acronis Cyber Protect Home Office Windows < 40713

References

https://security-advisory.acronis.com/advisories/SEC-5330

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 20, 2023
Vulnerability Reserved
Sep 18, 2023

Credit

@tkoyeung (https://hackerone.com/tkoyeung)