Advisory on Acronis Vulnerabilities
On April 29, 2024, Acronis disclosed multiple vulnerabilities in Cyber Protect Agent. As per the advisory published by Acronis, the following are the vulnerability details:
| CVE ID | Vulnerability |
|---|---|
Related to local privilege escalation. These vulnerabilities allow an attacker to escalate their privileges. | |
Manipulates sensitive information without authorization. |
The most severe of these vulnerabilities is CVE-2024-34010 and is classified as a High severity with CVSS score of 8.2. The attack vectors related to these vulnerabilities are still not known.
Impacted IONOS Cloud Products
| Product Ranges | Product | Impacted | Mitigated | Patch Status |
|---|---|---|---|---|
Storage & Backup | No | Not Applicable | Not Applicable | |
Storage & Backup | Acronis Agent for Windows, Linux, and Mac | Yes | In Progress | May 6, 2024 |
What action has IONOS Cloud taken to mitigate the severity?
There are no signs of active exploitation resulting from these vulnerabilities. These vulnerabilities do not allow unauthorized access to IONOS Cloud users’ backup data. IONOS Cloud is already in the process of rolling out patched agents for Storage & Backup users.
What action can you take to mitigate the vulnerability?
You can enable auto-update; the vulnerable agent is automatically updated after May 6, 2024. You can download the non-vulnerable agent from the Downloads section in the Backup Unit Management console if the auto-update is not enabled.
If you have further questions or concerns about this vulnerability, contact IONOS Cloud Support.
References
Last updated