Weak Algorithm in RPM Package Signing for Acronis Products
CVE-2024-55539

2.5LOW

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect Cloud Agent; Acronis Cyber Protect 16
Vendor: CVE Published:; 23 December 2024

What is CVE-2024-55539?

Acronis Cyber Protect Cloud Agent for Linux is impacted by a vulnerability due to the utilization of a weak algorithm for signing RPM packages. This flaw compromises the integrity of package verification processes, leaving systems at risk for potential exploitation. Users of Acronis Cyber Protect Cloud Agent (Linux) prior to build 39185 should immediately review their systems for exposure to this vulnerability and apply relevant mitigations or updates as necessary to enhance their security posture.

Affected Version(s)

Acronis Cyber Protect 16 Linux < 39938

Acronis Cyber Protect Cloud Agent Linux < 39185

References

https://security-advisory.acronis.com/advisories/SEC-5825

vendor-advisory

CVSS V3.1

Score:

2.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

2.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 23, 2024
Vulnerability Reserved
Dec 6, 2024

JSON