Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
The vulnerability classified as CWE-1390 (Improper Authentication) means that the identity verification mechanism in the application is improperly implemented or bypassed in certain cases. An attacker can send appropriately crafted network requests without providing valid authentication credentials and still gain access to protected resources or perform unauthorized operations. The attack vector is network-based, and the attack does not require any special conditions or privileges on the attacker's side.
An attacker can gain unauthorized access to sensitive data processed by Acronis Cyber Protect and perform unauthorized modifications, threatening the confidentiality, integrity, and availability of protected resources.
Acronis Cyber Protect 17 should be updated to build 41186 or newer. Detailed information is available in the official security bulletin from the vendor at: https://security-advisory.acronis.com/advisories/SEC-9137
Acronis Cyber Protect 17 on Linux and Windows systems in versions prior to build 41186.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HAcronis Cyber Protect
APPAcronis< 17.0.41186Linux Kernel
OSLinuxwszystkie wersjeMicrosoft Windows
OSMicrosoftwszystkie wersje
Related vulnerabilities
Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP
Path Traversal w Kingsoft WPS Office — ładowanie dowolnej biblioteki Windows
PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit