Improper Authorization Leads to Sensitive Information Manipulation in Acronis Cyber Protect 16
CVE-2024-49388

9.1CRITICAL

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect 16
Vendor: CVE Published:; 15 October 2024

Summary

A vulnerability exists in Acronis Cyber Protect 16 that allows for sensitive information manipulation as a result of improper authorization processes. This flaw impacts users of the software on both Linux and Windows platforms prior to build 38690, potentially enabling unauthorized users to access or alter sensitive data. Organizations using affected versions should prioritize updating their systems to mitigate the associated risks detailed in the vendor's advisory SEC-5984.

Affected Version(s)

Acronis Cyber Protect 16 Linux < 38690

References

https://security-advisory.acronis.com/advisories/SEC-5984

vendor-advisory

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 15, 2024
Vulnerability Reserved
Oct 14, 2024