Vulnerabilites related to Acronis - Acronis Cyber Protect Cloud Agent
cve-2023-48683
Vulnerability from cvelistv5
Published
2024-04-29 15:47
Modified
2025-01-02 15:24
Severity ?
EPSS score ?
Summary
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 37758, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-5899 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect Cloud Agent |
Version: unspecified ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:acronis:cyber_protect_cloud_agent:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cyber_protect_cloud_agent", vendor: "acronis", versions: [ { lessThan: "37758", status: "affected", version: "-", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-48683", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-30T14:52:11.545078Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:27:30.513Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T21:37:54.430Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-5899", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-5899", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Cyber Protect Cloud Agent", vendor: "Acronis", versions: [ { lessThan: "37758", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Cyber Protect 16", vendor: "Acronis", versions: [ { lessThan: "39169", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 37758, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169.", }, ], metrics: [ { cvssV3_0: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T15:24:40.944Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-5899", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-5899", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-48683", datePublished: "2024-04-29T15:47:51.993Z", dateReserved: "2023-11-17T14:33:30.400Z", dateUpdated: "2025-01-02T15:24:40.944Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-45246
Vulnerability from cvelistv5
Published
2023-10-06 10:07
Modified
2025-01-02 15:25
Severity ?
EPSS score ?
Summary
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36343, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-5903 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect Cloud Agent |
Version: unspecified ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:14:19.956Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-5903", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-5903", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:acronis:cyber_protect_cloud_agent:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cyber_protect_cloud_agent", vendor: "acronis", versions: [ { lessThan: "36343", status: "affected", version: "0", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-45246", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-19T18:26:17.297377Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-19T18:30:05.159Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Cyber Protect Cloud Agent", vendor: "Acronis", versions: [ { lessThan: "36343", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Cyber Protect 16", vendor: "Acronis", versions: [ { lessThan: "39169", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36343, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169.", }, ], metrics: [ { cvssV3_0: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T15:25:18.885Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-5903", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-5903", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-45246", datePublished: "2023-10-06T10:07:06.167Z", dateReserved: "2023-10-05T21:47:00.379Z", dateUpdated: "2025-01-02T15:25:18.885Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-48676
Vulnerability from cvelistv5
Published
2023-12-14 13:32
Modified
2024-08-02 21:37
Severity ?
EPSS score ?
Summary
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36943.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-5905 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Cyber Protect Cloud Agent |
Version: unspecified ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T21:37:54.280Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-5905", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-5905", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect Cloud Agent", vendor: "Acronis", versions: [ { lessThan: "36943", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36943.", }, ], metrics: [ { cvssV3_0: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-14T13:32:28.791Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-5905", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-5905", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-48676", datePublished: "2023-12-14T13:32:28.791Z", dateReserved: "2023-11-17T14:33:30.399Z", dateUpdated: "2024-08-02T21:37:54.280Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24830
Vulnerability from cvelistv5
Published
2025-01-31 12:43
Modified
2025-02-18 18:40
Severity ?
EPSS score ?
Summary
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-7829 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Cyber Protect Cloud Agent |
Version: unspecified ≤ |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-24830", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-31T15:11:06.535148Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-18T18:40:55.554Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect Cloud Agent", vendor: "Acronis", versions: [ { lessThan: "39378", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "@cyberexplorer (https://hackerone.com/cyberexplorer)", }, ], descriptions: [ { lang: "en", value: "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378.", }, ], metrics: [ { cvssV3_0: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-426", description: "CWE-426", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-31T12:43:13.267Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-7829", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-7829", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2025-24830", datePublished: "2025-01-31T12:43:13.267Z", dateReserved: "2025-01-24T21:09:13.771Z", dateUpdated: "2025-02-18T18:40:55.554Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-34016
Vulnerability from cvelistv5
Published
2024-09-16 19:44
Modified
2024-09-17 15:56
Severity ?
EPSS score ?
Summary
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-7188 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Cyber Protect Cloud Agent |
Version: unspecified ≤ |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:acronis:cyber_protect_cloud_agent:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cyber_protect_cloud_agent", vendor: "acronis", versions: [ { lessThan: "38235", status: "affected", version: "0", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-34016", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T15:55:14.107061Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-17T15:56:25.439Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect Cloud Agent", vendor: "Acronis", versions: [ { lessThan: "38235", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "@satz4797 (https://hackerone.com/satz4797)", }, ], descriptions: [ { lang: "en", value: "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235.", }, ], metrics: [ { cvssV3_0: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-427", description: "CWE-427", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T19:44:40.674Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-7188", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-7188", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2024-34016", datePublished: "2024-09-16T19:44:40.674Z", dateReserved: "2024-04-29T15:33:32.845Z", dateUpdated: "2024-09-17T15:56:25.439Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-34010
Vulnerability from cvelistv5
Published
2024-04-29 15:48
Modified
2024-10-15 10:33
Severity ?
EPSS score ?
Summary
Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758, Acronis Cyber Protect 16 (Windows) before build 38690.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-7110 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect Cloud Agent |
Version: unspecified ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:acronis:cyber_protect_cloud_agent:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cyber_protect_cloud_agent", vendor: "acronis", versions: [ { lessThan: "build_37758", status: "affected", version: "-", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-34010", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-29T16:59:36.817995Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:42:35.400Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:42:59.932Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-7110", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-7110", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect Cloud Agent", vendor: "Acronis", versions: [ { lessThan: "37758", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect 16", vendor: "Acronis", versions: [ { lessThan: "38690", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "@cyberexplorer (https://hackerone.com/cyberexplorer)", }, ], descriptions: [ { lang: "en", value: "Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758, Acronis Cyber Protect 16 (Windows) before build 38690.", }, ], metrics: [ { cvssV3_0: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-428", description: "CWE-428", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-15T10:33:36.173Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-7110", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-7110", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2024-34010", datePublished: "2024-04-29T15:48:14.398Z", dateReserved: "2024-04-29T15:33:32.845Z", dateUpdated: "2024-10-15T10:33:36.173Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-8903
Vulnerability from cvelistv5
Published
2024-09-23 08:57
Modified
2024-09-23 15:37
Severity ?
EPSS score ?
Summary
Local active protection service settings manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows, macOS) before build 38565.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-7510 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Cyber Protect Cloud Agent |
Version: unspecified ≤ |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-8903", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-23T15:36:51.704305Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-23T15:37:00.561Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", "macOS", ], product: "Acronis Cyber Protect Cloud Agent", vendor: "Acronis", versions: [ { lessThan: "38565", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Local active protection service settings manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows, macOS) before build 38565.", }, ], metrics: [ { cvssV3_0: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-250", description: "CWE-250", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-23T08:57:16.328Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-7510", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-7510", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2024-8903", datePublished: "2024-09-23T08:57:16.328Z", dateReserved: "2024-09-16T19:52:34.008Z", dateUpdated: "2024-09-23T15:37:00.561Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-45248
Vulnerability from cvelistv5
Published
2023-10-09 11:08
Modified
2024-08-02 20:14
Severity ?
EPSS score ?
Summary
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36497, Acronis Cyber Protect 16 (Windows) before build 37391.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-6052 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect Cloud Agent |
Version: unspecified ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:14:19.924Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-6052", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-6052", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect Cloud Agent", vendor: "Acronis", versions: [ { lessThan: "36497", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect 16", vendor: "Acronis", versions: [ { lessThan: "37391", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36497, Acronis Cyber Protect 16 (Windows) before build 37391.", }, ], metrics: [ { cvssV3_0: { baseScore: 6.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-427", description: "CWE-427", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-27T16:55:03.256Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-6052", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-6052", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-45248", datePublished: "2023-10-09T11:08:37.009Z", dateReserved: "2023-10-05T21:47:00.379Z", dateUpdated: "2024-08-02T20:14:19.924Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-55539
Vulnerability from cvelistv5
Published
2024-12-23 14:05
Modified
2025-01-09 16:39
Severity ?
EPSS score ?
Summary
Weak algorithm used to sign RPM package. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux) before build 39185.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-5825 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Cyber Protect Cloud Agent |
Version: unspecified ≤ |
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 2.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-55539", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-24T01:56:18.019081Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-09T16:39:59.119Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", ], product: "Acronis Cyber Protect Cloud Agent", vendor: "Acronis", versions: [ { lessThan: "39185", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Weak algorithm used to sign RPM package. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux) before build 39185.", }, ], metrics: [ { cvssV3_0: { baseScore: 2.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-327", description: "CWE-327", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-23T14:05:20.298Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-5825", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-5825", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2024-55539", datePublished: "2024-12-23T14:05:20.298Z", dateReserved: "2024-12-06T17:33:33.992Z", dateUpdated: "2025-01-09T16:39:59.119Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24829
Vulnerability from cvelistv5
Published
2025-01-31 12:43
Modified
2025-02-18 18:40
Severity ?
EPSS score ?
Summary
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-7839 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Cyber Protect Cloud Agent |
Version: unspecified ≤ |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-24829", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-31T15:08:10.803694Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-18T18:40:26.167Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect Cloud Agent", vendor: "Acronis", versions: [ { lessThan: "39378", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "@cyberexplorer (https://hackerone.com/cyberexplorer)", }, ], descriptions: [ { lang: "en", value: "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378.", }, ], metrics: [ { cvssV3_0: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-426", description: "CWE-426", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-31T12:43:28.583Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-7839", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-7839", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2025-24829", datePublished: "2025-01-31T12:43:28.583Z", dateReserved: "2025-01-24T21:09:13.771Z", dateUpdated: "2025-02-18T18:40:26.167Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24831
Vulnerability from cvelistv5
Published
2025-01-31 12:42
Modified
2025-02-18 18:41
Severity ?
EPSS score ?
Summary
Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-6153 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Cyber Protect Cloud Agent |
Version: unspecified ≤ |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-24831", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-31T15:13:21.631630Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-18T18:41:20.237Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect Cloud Agent", vendor: "Acronis", versions: [ { lessThan: "39378", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378.", }, ], metrics: [ { cvssV3_0: { baseScore: 6.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-428", description: "CWE-428", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-31T12:42:57.048Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-6153", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-6153", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2025-24831", datePublished: "2025-01-31T12:42:57.048Z", dateReserved: "2025-01-24T21:09:13.771Z", dateUpdated: "2025-02-18T18:41:20.237Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-45247
Vulnerability from cvelistv5
Published
2023-10-09 11:09
Modified
2025-01-02 15:25
Severity ?
EPSS score ?
Summary
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36497, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-6600 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect Cloud Agent |
Version: unspecified ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:14:19.884Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-6600", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-6600", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:acronis:agent:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "agent", vendor: "acronis", versions: [ { lessThan: "36497", status: "affected", version: "0", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-45247", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-19T14:25:14.555886Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-19T14:26:26.270Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Cyber Protect Cloud Agent", vendor: "Acronis", versions: [ { lessThan: "36497", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Cyber Protect 16", vendor: "Acronis", versions: [ { lessThan: "39169", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36497, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169.", }, ], metrics: [ { cvssV3_0: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T15:25:01.362Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-6600", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-6600", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-45247", datePublished: "2023-10-09T11:09:00.897Z", dateReserved: "2023-10-05T21:47:00.379Z", dateUpdated: "2025-01-02T15:25:01.362Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-55542
Vulnerability from cvelistv5
Published
2025-01-02 15:26
Modified
2025-01-02 17:04
Severity ?
EPSS score ?
Summary
Local privilege escalation due to excessive permissions assigned to Tray Monitor service. The following products are affected: Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35895.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-5342 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect 16 |
Version: unspecified ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-55542", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-02T17:03:24.328986Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-02T17:04:20.318Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Cyber Protect 16", vendor: "Acronis", versions: [ { lessThan: "39169", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Cyber Protect Cloud Agent", vendor: "Acronis", versions: [ { lessThan: "35895", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Local privilege escalation due to excessive permissions assigned to Tray Monitor service. The following products are affected: Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35895.", }, ], metrics: [ { cvssV3_0: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-266", description: "CWE-266", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T15:26:40.928Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-5342", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-5342", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2024-55542", datePublished: "2025-01-02T15:26:40.928Z", dateReserved: "2024-12-06T17:33:33.992Z", dateUpdated: "2025-01-02T17:04:20.318Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-45241
Vulnerability from cvelistv5
Published
2023-10-05 21:57
Modified
2024-09-20 13:12
Severity ?
EPSS score ?
Summary
Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-5999 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect Cloud Agent |
Version: unspecified ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:14:20.038Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-5999", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-5999", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-45241", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-19T18:36:24.982118Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-20T13:12:02.515Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Cyber Protect Cloud Agent", vendor: "Acronis", versions: [ { lessThan: "35739", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Cyber Protect 16", vendor: "Acronis", versions: [ { lessThan: "37391", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391.", }, ], metrics: [ { cvssV3_0: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-532", description: "CWE-532", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-27T16:54:15.100Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-5999", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-5999", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-45241", datePublished: "2023-10-05T21:57:23.228Z", dateReserved: "2023-10-05T21:47:00.378Z", dateUpdated: "2024-09-20T13:12:02.515Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-34011
Vulnerability from cvelistv5
Published
2024-04-29 15:48
Modified
2024-08-02 02:42
Severity ?
EPSS score ?
Summary
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-7171 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Cyber Protect Cloud Agent |
Version: unspecified ≤ |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update9:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cyber_protect_cloud_agent", vendor: "acronis", versions: [ { status: "affected", version: "24", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-34011", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-29T16:52:41.247814Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:42:37.120Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:42:59.827Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-7171", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-7171", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect Cloud Agent", vendor: "Acronis", versions: [ { lessThan: "37758", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758.", }, ], metrics: [ { cvssV3_0: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-276", description: "CWE-276", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-29T15:48:24.248Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-7171", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-7171", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2024-34011", datePublished: "2024-04-29T15:48:24.248Z", dateReserved: "2024-04-29T15:33:32.845Z", dateUpdated: "2024-08-02T02:42:59.827Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-8766
Vulnerability from cvelistv5
Published
2024-09-16 19:45
Modified
2025-01-02 15:25
Severity ?
EPSS score ?
Summary
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235, Acronis Cyber Protect 16 (Windows) before build 39169.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-7218 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect Cloud Agent |
Version: unspecified ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:acronis:cyber_protect_cloud_agent:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cyber_protect_cloud_agent", vendor: "acronis", versions: [ { lessThan: "38235", status: "affected", version: "0", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-8766", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T15:51:30.427021Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-17T15:54:21.758Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect Cloud Agent", vendor: "Acronis", versions: [ { lessThan: "38235", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect 16", vendor: "Acronis", versions: [ { lessThan: "39169", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "@satz4797 (https://hackerone.com/satz4797)", }, ], descriptions: [ { lang: "en", value: "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235, Acronis Cyber Protect 16 (Windows) before build 39169.", }, ], metrics: [ { cvssV3_0: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-427", description: "CWE-427", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T15:25:36.040Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-7218", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-7218", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2024-8766", datePublished: "2024-09-16T19:45:03.044Z", dateReserved: "2024-09-12T20:45:42.402Z", dateUpdated: "2025-01-02T15:25:36.040Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-44211
Vulnerability from cvelistv5
Published
2023-10-05 21:14
Modified
2024-08-02 19:59
Severity ?
EPSS score ?
Summary
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 31637, Acronis Cyber Protect 16 (Linux, Windows) before build 37391.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-4061 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect Cloud Agent |
Version: unspecified ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:59:51.461Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-4061", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-4061", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Cyber Protect Cloud Agent", vendor: "Acronis", versions: [ { lessThan: "31637", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Linux", "Windows", ], product: "Acronis Cyber Protect 16", vendor: "Acronis", versions: [ { lessThan: "37391", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 31637, Acronis Cyber Protect 16 (Linux, Windows) before build 37391.", }, ], metrics: [ { cvssV3_0: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-27T16:46:58.037Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-4061", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-4061", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-44211", datePublished: "2023-10-05T21:14:19.549Z", dateReserved: "2023-09-26T20:08:46.834Z", dateUpdated: "2024-08-02T19:59:51.461Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-44213
Vulnerability from cvelistv5
Published
2023-10-05 21:56
Modified
2024-09-10 15:48
Severity ?
EPSS score ?
Summary
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 35739, Acronis Cyber Protect 16 (Windows) before build 37391.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-5286 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect Cloud Agent |
Version: unspecified ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:59:51.444Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-5286", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-5286", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect Cloud Agent", vendor: "Acronis", versions: [ { lessThan: "35739", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect 16", vendor: "Acronis", versions: [ { lessThan: "37391", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 35739, Acronis Cyber Protect 16 (Windows) before build 37391.", }, ], metrics: [ { cvssV3_0: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-359", description: "CWE-359", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T15:48:22.536Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-5286", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-5286", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-44213", datePublished: "2023-10-05T21:56:48.957Z", dateReserved: "2023-09-26T20:08:46.835Z", dateUpdated: "2024-09-10T15:48:22.536Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-48684
Vulnerability from cvelistv5
Published
2024-04-29 15:48
Modified
2024-08-02 21:37
Severity ?
EPSS score ?
Summary
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 37758.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-6021 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Cyber Protect Cloud Agent |
Version: unspecified ≤ |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:acronis:cyber_protect_cloud_agent:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cyber_protect_cloud_agent", vendor: "acronis", versions: [ { lessThan: "build_37758", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-48684", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-02T04:00:17.600511Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-24T21:09:37.787Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T21:37:54.278Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-6021", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-6021", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Cyber Protect Cloud Agent", vendor: "Acronis", versions: [ { lessThan: "37758", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 37758.", }, ], metrics: [ { cvssV3_0: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-29T15:48:03.752Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-6021", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-6021", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-48684", datePublished: "2024-04-29T15:48:03.752Z", dateReserved: "2023-11-17T14:33:30.400Z", dateUpdated: "2024-08-02T21:37:54.278Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-45244
Vulnerability from cvelistv5
Published
2023-10-06 09:47
Modified
2024-08-02 20:14
Severity ?
EPSS score ?
Summary
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35895, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-5907 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect Cloud Agent |
Version: unspecified ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:14:19.954Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-5907", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-5907", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Cyber Protect Cloud Agent", vendor: "Acronis", versions: [ { lessThan: "35895", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Cyber Protect 16", vendor: "Acronis", versions: [ { lessThan: "37391", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35895, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391.", }, ], metrics: [ { cvssV3_0: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-27T16:53:48.749Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-5907", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-5907", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-45244", datePublished: "2023-10-06T09:47:15.441Z", dateReserved: "2023-10-05T21:47:00.379Z", dateUpdated: "2024-08-02T20:14:19.954Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24827
Vulnerability from cvelistv5
Published
2025-01-31 12:43
Modified
2025-02-18 18:40
Severity ?
EPSS score ?
Summary
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-7841 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Cyber Protect Cloud Agent |
Version: unspecified ≤ |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-24827", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-31T15:02:38.400012Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-18T18:40:00.757Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect Cloud Agent", vendor: "Acronis", versions: [ { lessThan: "39378", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "@cyberexplorer (https://hackerone.com/cyberexplorer)", }, ], descriptions: [ { lang: "en", value: "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378.", }, ], metrics: [ { cvssV3_0: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-426", description: "CWE-426", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-31T12:43:44.323Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-7841", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-7841", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2025-24827", datePublished: "2025-01-31T12:43:44.323Z", dateReserved: "2025-01-24T21:09:13.771Z", dateUpdated: "2025-02-18T18:40:00.757Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-48677
Vulnerability from cvelistv5
Published
2023-12-12 08:33
Modified
2025-01-31 12:42
Severity ?
EPSS score ?
Summary
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901, Acronis Cyber Protect Cloud Agent (Windows) before build 39378.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-5620 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect Home Office |
Version: unspecified ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T21:37:54.463Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-5620", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-5620", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect Home Office", vendor: "Acronis", versions: [ { lessThan: "40901", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect Cloud Agent", vendor: "Acronis", versions: [ { lessThan: "39378", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "@veath (https://hackerone.com/veath)", }, ], descriptions: [ { lang: "en", value: "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901, Acronis Cyber Protect Cloud Agent (Windows) before build 39378.", }, ], metrics: [ { cvssV3_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-427", description: "CWE-427", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-31T12:42:28.838Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-5620", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-5620", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-48677", datePublished: "2023-12-12T08:33:17.191Z", dateReserved: "2023-11-17T14:33:30.399Z", dateUpdated: "2025-01-31T12:42:28.838Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24828
Vulnerability from cvelistv5
Published
2025-01-31 12:43
Modified
2025-01-31 14:56
Severity ?
EPSS score ?
Summary
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-7842 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Cyber Protect Cloud Agent |
Version: unspecified ≤ |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-24828", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-31T14:55:49.374466Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-31T14:56:12.508Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect Cloud Agent", vendor: "Acronis", versions: [ { lessThan: "39378", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "@cyberexplorer (https://hackerone.com/cyberexplorer)", }, ], descriptions: [ { lang: "en", value: "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378.", }, ], metrics: [ { cvssV3_0: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-426", description: "CWE-426", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-31T12:43:58.295Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-7842", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-7842", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2025-24828", datePublished: "2025-01-31T12:43:58.295Z", dateReserved: "2025-01-24T21:09:13.771Z", dateUpdated: "2025-01-31T14:56:12.508Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }