PT-2024-33497 · Acronis · Acronis Cyber Protect
Published
2024-10-15
·
Updated
2025-02-04
·
CVE-2024-49383
CVSS v3.1
4.3
Medium
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Acronis Cyber Protect 16 versions prior to build 38690
Description
The issue is related to an excessive attack surface in the acep-importer service due to binding to an unrestricted IP address. This could potentially lead to system compromise.
Recommendations
For Acronis Cyber Protect 16 versions prior to build 38690, upgrade the affected component to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the acep-importer service to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Acronis Cyber Protect