PT-2024-33498 · Acronis · Acronis Cyber Protect
Published
2024-10-15
·
Updated
2025-02-04
·
CVE-2024-49384
CVSS v3.1
4.3
Medium
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Acronis Cyber Protect 16 versions prior to build 38690
Description
The issue is related to an excessive attack surface in the acep-collector service due to binding to an unrestricted IP address.
Recommendations
For Acronis Cyber Protect 16 versions prior to build 38690, update to build 38690 or later to resolve the issue. As a temporary workaround, consider restricting access to the acep-collector service to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Acronis Cyber Protect