Insecure Folder Permissions Leave Acronis Cloud Manager (Windows) Vulnerable to Local Privilege Escalation
CVE-2024-34012

4.4MEDIUM

Key Information:

Vendor
Acronis
Status
Acronis Cloud Manager
Vendor
CVE Published:
14 June 2024

Summary

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.24135.272.

Affected Version(s)

Acronis Cloud Manager Windows < 6.2.24135.272

References

https://security-advisory.acronis.com/advisories/SEC-5758
vendor-advisory

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

@tkoyeung (https://hackerone.com/tkoyeung)
.