CVE-2023-48683 (GCVE-0-2023-48683)
Vulnerability from cvelistv5
Published
2024-04-29 15:47
Modified
2025-01-02 15:24
Severity ?
7.1 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CWE
Summary
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 37758, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169.
References
Impacted products
Vendor Product Version
Acronis Acronis Cyber Protect Cloud Agent Version: unspecified   
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:acronis:cyber_protect_cloud_agent:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cyber_protect_cloud_agent",
            "vendor": "acronis",
            "versions": [
              {
                "lessThan": "37758",
                "status": "affected",
                "version": "-",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-48683",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-30T14:52:11.545078Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:27:30.513Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T21:37:54.430Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SEC-5899",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security-advisory.acronis.com/advisories/SEC-5899"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux",
            "macOS",
            "Windows"
          ],
          "product": "Acronis Cyber Protect Cloud Agent",
          "vendor": "Acronis",
          "versions": [
            {
              "lessThan": "37758",
              "status": "affected",
              "version": "unspecified",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux",
            "macOS",
            "Windows"
          ],
          "product": "Acronis Cyber Protect 16",
          "vendor": "Acronis",
          "versions": [
            {
              "lessThan": "39169",
              "status": "affected",
              "version": "unspecified",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 37758, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-02T15:24:40.944Z",
        "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "shortName": "Acronis"
      },
      "references": [
        {
          "name": "SEC-5899",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security-advisory.acronis.com/advisories/SEC-5899"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
    "assignerShortName": "Acronis",
    "cveId": "CVE-2023-48683",
    "datePublished": "2024-04-29T15:47:51.993Z",
    "dateReserved": "2023-11-17T14:33:30.400Z",
    "dateUpdated": "2025-01-02T15:24:40.944Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-48683\",\"sourceIdentifier\":\"security@acronis.com\",\"published\":\"2024-04-29T16:15:34.670\",\"lastModified\":\"2025-01-02T16:15:07.563\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 37758, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169.\"},{\"lang\":\"es\",\"value\":\"Divulgaci\u00f3n y manipulaci\u00f3n de informaci\u00f3n sensible por falta de autorizaci\u00f3n. Los siguientes productos se ven afectados: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) antes de la compilaci\u00f3n 37758.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"security@acronis.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"security@acronis.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"references\":[{\"url\":\"https://security-advisory.acronis.com/advisories/SEC-5899\",\"source\":\"security@acronis.com\"},{\"url\":\"https://security-advisory.acronis.com/advisories/SEC-5899\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security-advisory.acronis.com/advisories/SEC-5899\", \"name\": \"SEC-5899\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T21:37:54.430Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-48683\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-04-30T14:52:11.545078Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:acronis:cyber_protect_cloud_agent:-:*:*:*:*:*:*:*\"], \"vendor\": \"acronis\", \"product\": \"cyber_protect_cloud_agent\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\", \"lessThan\": \"37758\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-04-30T15:01:12.300Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 7.1, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Acronis\", \"product\": \"Acronis Cyber Protect Cloud Agent\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"37758\", \"versionType\": \"semver\"}], \"platforms\": [\"Linux\", \"macOS\", \"Windows\"], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Acronis\", \"product\": \"Acronis Cyber Protect 16\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"39169\", \"versionType\": \"semver\"}], \"platforms\": [\"Linux\", \"macOS\", \"Windows\"], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://security-advisory.acronis.com/advisories/SEC-5899\", \"name\": \"SEC-5899\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 37758, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-862\", \"description\": \"CWE-862\"}]}], \"providerMetadata\": {\"orgId\": \"73dc0fef-1c66-4a72-9d2d-0a0f4012c175\", \"shortName\": \"Acronis\", \"dateUpdated\": \"2025-01-02T15:24:40.944Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-48683\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-02T15:24:40.944Z\", \"dateReserved\": \"2023-11-17T14:33:30.400Z\", \"assignerOrgId\": \"73dc0fef-1c66-4a72-9d2d-0a0f4012c175\", \"datePublished\": \"2024-04-29T15:47:51.993Z\", \"assignerShortName\": \"Acronis\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.