Advisory on CVE-2023-45247

Sensitive information disclosure and manipulation due to missing authorization

On October 9, 2023, Acronis disclosed a vulnerability in its Acronis Agent for Linux, Mac, and Windows. This vulnerability may allow an unauthorized attacker to view and manipulate antivirus and antimalware protection plans applied to a specific agent. CVE-2023-45247 ID has been assigned to this vulnerability and classified as having high severity.

Impacted IONOS Cloud Products

Product Ranges
Product
Impacted
Mitigated
Patch Status

Managed Services

Backup Service

No

Not applicable

Not applicable

Managed Services

Acronis Agent for Windows, Linux, and Mac

Yes

No

Will be available in late November

What action has IONOS Cloud taken to mitigate the severity?

IONOS and Acronis are in constant communication to gain a deeper understanding of this vulnerability and also ensure that:

  • There are no signs of active exploitation resulting from the vulnerability. For more information, see Acronis Cyber Protect Cloud Agent update C23.10.

  • The vulnerability does not allow unauthorized access to IONOS Cloud customers’ backup data. IONOS Cloud will publish the non-vulnerable versions of agents when Acronis shares the information, estimated to be by the end of November 2023.

How can I get help?

If you have further questions or concerns about this vulnerability, contact IONOS Cloud Support.

Last updated

Revision created

fixed broken links