search
Log InSign UpSend Feedback

Advisory on Acronis Vulnerabilities

On April 29, 2024, Acronis disclosed multiple vulnerabilities in Cyber Protect Agent. As per the advisory published by Acronis, the following are the vulnerability details:

CVE ID
Vulnerability

CVE-2024-34010arrow-up-right CVE-2024-34011arrow-up-right

Related to local privilege escalation. These vulnerabilities allow an attacker to escalate their privileges.

CVE-2023-48684arrow-up-right CVE-2023-48683arrow-up-right

Manipulates sensitive information without authorization.

The most severe of these vulnerabilities is CVE-2024-34010arrow-up-right and is classified as a High severity with CVSS score of 8.2. The attack vectors related to these vulnerabilities are still not known.

hashtag
Impacted IONOS Cloud Products

Product Ranges
Product
Impacted
Mitigated
Patch Status

Storage & Backup

Backup Service

No

Not Applicable

Not Applicable

Storage & Backup

Acronis Agent for Windows, Linux, and Mac

Yes

Yes

Done

hashtag
What action has IONOS Cloud taken to mitigate the severity?

There are no signs of active exploitation resulting from these vulnerabilities. These vulnerabilities do not allow unauthorized access to IONOS Cloud users’ backup data. IONOS Cloud is already in the process of rolling out patched agents for Storage & Backup users.

hashtag
What action can you take to mitigate the vulnerability?

You can enable auto-update; the vulnerable agent is automatically updated after May 6, 2024. You can download the non-vulnerable agent from the Downloads section in the Backup Unit Management console if the auto-update is not enabled.

If you have further questions or concerns about this vulnerability, contact IONOS Cloud Supportarrow-up-right.

hashtag
References

Acronis Advisory Databasearrow-up-right

PreviousAdvisory on CVE-2024-4323NextAdvisory on CVE-2024-3094

Last updated

Was this helpful?