Описание
Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.
Ссылки
- ExploitThird Party Advisory
- Vendor Advisory
- ExploitThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:a:acronis:cyber_backup:12.5:-:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_backup:12.5:10130:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_backup:12.5:10330:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_backup:12.5:11010:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_backup:12.5:13160:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_backup:12.5:13400:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_backup:12.5:14280:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_backup:12.5:14330:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_backup:12.5:16180:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_backup:12.5:16318:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_backup:12.5:16327:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_backup:12.5:7641:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_backup:12.5:7970:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_backup:12.5:8850:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_backup:12.5:9010:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect:15:update1:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect:15:update2:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect:15:update3:*:*:*:*:*:*
Одно из
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
EPSS
Процентиль: 97%
0.32194
Средний
9.3 Critical
CVSS3
8.8 High
CVSS3
Дефекты
CWE-269
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 9.3
github
почти 3 года назад
Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.
EPSS
Процентиль: 97%
0.32194
Средний
9.3 Critical
CVSS3
8.8 High
CVSS3
Дефекты
CWE-269
NVD-CWE-noinfo