Advisory on Acronis Vulnerabilities

On April 29, 2024, Acronis disclosed multiple vulnerabilities in Cyber Protect Agent. As per the advisory published by Acronis, the following are the vulnerability details:

| CVE ID | Vulnerability |
| --- | --- |
| | Related to local privilege escalation. These vulnerabilities allow an attacker to escalate their privileges. |
| | Manipulates sensitive information without authorization. |

The most severe of these vulnerabilities is CVE-2024-34010, which is classified as High severity with a CVSS score of 8.2. The attack vectors related to these vulnerabilities are not yet known.

Impacted IONOS Cloud Products

| Product Ranges | Product | Impacted | Mitigated | Patch Status |
| --- | --- | --- | --- | --- |
| Storage & Backup | | No | Not Applicable | Not Applicable |
| Storage & Backup | Acronis Agent for Windows, Linux, and Mac | Yes | In Progress | May 6, 2024 |

What action has IONOS Cloud taken to mitigate the severity?

There are no signs of active exploitation resulting from these vulnerabilities. These vulnerabilities do not allow unauthorized access to IONOS Cloud users’ backup data. IONOS Cloud is already in the process of rolling out patched agents for Storage & Backup users.

What action can you take to mitigate the vulnerability?

You can enable auto-update; the vulnerable agent is automatically updated after May 6, 2024. If auto-update is not enabled, you can download the non-vulnerable agent from the Downloads section in the Backup Unit Management console.

If you have further questions or concerns about this vulnerability, contact IONOS Cloud Support.

References

Acronis Advisory Database
