Advisory on CVE-2023-45247

Sensitive information disclosure and manipulation due to missing authorization

On October 9, 2023, Acronis disclosed a vulnerability in its Acronis Agent for Linux, Mac, and Windows. This vulnerability may allow an unauthorized attacker to view and manipulate antivirus and antimalware protection plans applied to a specific agent. CVE-2023-45247 ID has been assigned to this vulnerability and classified as having high severity.

Impacted IONOS Cloud Products

What action has IONOS Cloud taken to mitigate the severity?

IONOS and Acronis are in constant communication to gain a deeper understanding of this vulnerability and also ensure that:

• There are no signs of active exploitation resulting from the vulnerability. For more information, see Acronis Cyber Protect Cloud Agent update C23.10.

• The vulnerability does not allow unauthorized access to IONOS Cloud customers’ backup data. IONOS Cloud will publish the non-vulnerable versions of agents when Acronis shares the information, estimated to be by the end of November 2023.

How can I get help?

If you have further questions or concerns about this vulnerability, contact IONOS Cloud Support.