PT-2024-9769 · Directadmin+3 · Directadmin+5
Milos Colakovic +1 · Published 2024-04-29 · Updated 2025-02-27 · CVE-2024-34014
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions:
Acronis Backup plugin for cPanel & WHM (Linux) versions before build 818
Acronis Backup extension for Plesk (Linux) versions before build 599
Acronis Backup plugin for DirectAdmin (Linux) versions before build 181
Description:
Improper symbolic link handling allows arbitrary file overwrite during recovery. This can allow a remote attacker to elevate their privileges.
Recommendations:
For Acronis Backup plugin for cPanel & WHM (Linux) versions before build 818, update to build 818 or later.
For Acronis Backup extension for Plesk (Linux) versions before build 599, update to build 599 or later.
For Acronis Backup plugin for DirectAdmin (Linux) versions before build 181, update to build 181 or later.
Affected Products
Acronis Backup Extension For Plesk
Acronis Backup Plugin For Directadmin
Acronis Backup Plugin For Cpanel & Whm
Directadmin
Plesk
Cpanel & Whm