CVE-2023-44152

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Acronis Cyber Protect 15 versions prior to build 35979

Description The issue is related to the lack of an authentication procedure, which can be exploited by a remote attacker to elevate their privileges. This can lead to the disclosure and manipulation of sensitive information.

Recommendations For Acronis Cyber Protect 15 versions prior to build 35979, update to a version that includes build 35979 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information and implementing additional authentication measures until a patch is applied.

Fix

Missing Authentication

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306CWE-287

Related Identifiers

BDU:2023-06475

CVE-2023-44152

Affected Products

Acronis

Acronis Cyber Protect 15

CVE-2023-44152

Weakness Enumeration

Related Identifiers

Affected Products

References · 6