cve-2023-44213
Vulnerability from cvelistv5
Published
2023-10-05 21:56
Modified
2024-09-10 15:48
Severity ?
EPSS score ?
0.04%
(0.11995)
Summary
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 35739, Acronis Cyber Protect 16 (Windows) before build 37391.
References
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
▼ | Acronis | Acronis Cyber Protect Cloud Agent |
Version: unspecified ≤ |
||||||
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:59:51.444Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-5286", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-5286", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect Cloud Agent", vendor: "Acronis", versions: [ { lessThan: "35739", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect 16", vendor: "Acronis", versions: [ { lessThan: "37391", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 35739, Acronis Cyber Protect 16 (Windows) before build 37391.", }, ], metrics: [ { cvssV3_0: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-359", description: "CWE-359", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T15:48:22.536Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-5286", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-5286", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-44213", datePublished: "2023-10-05T21:56:48.957Z", dateReserved: "2023-09-26T20:08:46.835Z", dateUpdated: "2024-09-10T15:48:22.536Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2023-44213\",\"sourceIdentifier\":\"security@acronis.com\",\"published\":\"2023-10-05T22:15:12.520\",\"lastModified\":\"2024-11-21T08:25:27.287\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 35739, Acronis Cyber Protect 16 (Windows) before build 37391.\"},{\"lang\":\"es\",\"value\":\"Divulgación de información sensible debido a la recopilación excesiva de información del sistema. Los siguientes productos se ven afectados: Acronis Agent (Windows) anterior a la compilación 35739.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV30\":[{\"source\":\"security@acronis.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":3.3,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security@acronis.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-359\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"c23.06\",\"matchCriteriaId\":\"9E60A3DC-753B-453B-B288-58010A7B6E3E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://security-advisory.acronis.com/advisories/SEC-5286\",\"source\":\"security@acronis.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security-advisory.acronis.com/advisories/SEC-5286\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}", }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.