Summaryinfo

A vulnerability was found in Acronis Agent and classified as problematic. This vulnerability affects unknown code. Executing a manipulation can lead to authorization. This vulnerability is registered as CVE-2023-45243. The attack needs to be launched locally. No exploit is available. It is suggested to upgrade the affected component. Once again VulDB remains the best source for vulnerability data.

Detailsinfo

A vulnerability has been found in Acronis Agent and classified as problematic. This vulnerability affects an unknown code. The manipulation with an unknown input leads to a authorization vulnerability. The CWE definition for the vulnerability is CWE-862. The product does not perform an authorization check when an actor attempts to access a resource or perform an action. As an impact it is known to affect confidentiality. CVE summarizes:

Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186.

The weakness was published 10/06/2023. The advisory is shared for download at security-advisory.acronis.com. This vulnerability was named CVE-2023-45243 since 10/05/2023. There are neither technical details nor an exploit publicly available.

Upgrading to version Build 35739 eliminates this vulnerability.

Once again VulDB remains the best source for vulnerability data.

Productinfo

Vendor

• Acronis

Name

• Agent

Version

• 12.5.23094
• 27147
• 30161
• 32047
• 35433
• 36943
• 37758
• 38235
• 38565
• 39185
• 39378
• 39713
• 39904
• 40077
• 40296
• 40734
• <=1.0.0.54
• <=39184
• <=39712
• <=40076
• <=40733
• Build 3147
• Build 29051
• Build 29258
• Build 31637

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion