# Advisory on Acronis Vulnerabilities

On April 29, 2024, Acronis disclosed multiple vulnerabilities in Cyber Protect Agent. As per the advisory published by Acronis, the following are the vulnerability details:

| CVE ID | Vulnerability |
| ------ | ------------- |
| [CVE-2024-34010](https://security-advisory.acronis.com/advisories/SEC-7110), [CVE-2024-34011](https://security-advisory.acronis.com/advisories/SEC-7171) | Related to local privilege escalation. These vulnerabilities allow an attacker to escalate their privileges. |
| [CVE-2023-48684](https://security-advisory.acronis.com/advisories/SEC-6021), [CVE-2023-48683](https://security-advisory.acronis.com/advisories/SEC-5899) | Manipulates sensitive information without authorization. |

The most severe of these vulnerabilities is [CVE-2024-34010](https://security-advisory.acronis.com/advisories/SEC-7110), which is classified as **High** severity with a CVSS score of **8.2**. The attack vectors related to these vulnerabilities are still not known.

## Impacted IONOS Cloud Products

| Product Ranges   | Product                                                         | Impacted | Mitigated      | Patch Status   |
| ---------------- | --------------------------------------------------------------- | -------- | -------------- | -------------- |
| Backup & Storage | [Backup Service](/cloud/backup-and-storage/backup-service.md)   | No       | Not Applicable | Not Applicable |
| Backup & Storage | Acronis Agent for Windows, Linux, and Mac                       | Yes      | Yes            | Done           |

## What action has IONOS Cloud taken to mitigate the severity?

There are no signs of active exploitation resulting from these vulnerabilities. These vulnerabilities do not allow unauthorized access to IONOS Cloud users’ backup data. IONOS Cloud is already in the process of rolling out patched agents for Backup & Storage users.

## What action can you take to mitigate the vulnerability?

You can enable auto-update; the vulnerable agent is automatically updated after May 6, 2024. If auto-update is not enabled, you can download the non-vulnerable agent from the **Downloads** section in the [Backup Unit Management](/cloud/backup-and-storage/backup-service/how-tos/manage-backup-units.md) console.

If you have further questions or concerns about this vulnerability, contact [IONOS Cloud Support](https://docs.ionos.com/cloud/support/general-information/contact-information).

## References

[Acronis Advisory Database](https://security-advisory.acronis.com/advisories)


