Vulnerability Register - 2023

Here is a list of vulnerabilities detected in 2023:

  • CVE-2023-23583
  • CVE-2023-20569
  • CVE-2023-45248
  • CVE-2023-45247
  • CVE-2022-40982

Advisory on CVE-2023-20569

Sensitive information disclosure due to speculative side-channel attack

On August 8th, 2023, Advanced Micro Devices (AMD) disclosed a vulnerability in its recent computer processor microarchitecture. This vulnerability, known as Return From Procedure (RET) Speculation or Inception, may allow an attacker to obtain sensitive information from a system.

If an attacker can exploit this vulnerability, they could potentially exfiltrate information contained within different security contexts, such as other Virtual Machines (VM) or even the host device.

CVE ID CVE-2023-20569 is assigned to this vulnerability, and AMD classifies it as medium severity.

Impacted IONOS Cloud products

| Product Ranges | Product | Impacted | Mitigated | Patch Status |
|---|---|---|---|---|
| Compute Services | Dedicated Core Servers | Yes | Yes | Done |
| Compute Services | vCPU Servers | Yes | Yes | Done |
| Compute Services | Cubes | Yes | Yes | Done |

What action has IONOS Cloud taken to mitigate the severity?

IONOS Cloud is committed to the privacy and security of our customers' data. We are aware of this vulnerability and have already initiated the required steps to mitigate it. We are also investigating the exposure and risk of this vulnerability for our customers' products and instances.

We will provide necessary updates as we learn more.

How can I get help?

If you have further questions or concerns about this vulnerability, contact IONOS Cloud Support.

Advisory on CVE-2023-45248

Local privilege escalation due to DLL hijacking

On October 9, 2023, Acronis disclosed another vulnerability in its Acronis Agent for Windows. The vulnerability can be fixed by upgrading to build version 36497.

Impacted IONOS Cloud products

| Product Ranges | Product | Impacted | Mitigated | Patch Status |
|---|---|---|---|---|
| Storage & Backup | Backup Service | No | Not applicable | Not applicable |
| Storage & Backup | Acronis Agent for Windows | Yes | Yes | Done |

What action has IONOS Cloud taken to mitigate the severity?

The IONOS Cloud team is in constant communication with Acronis and will soon allow customers to download the patched Windows agent. Acronis has confirmed that there is no sign of active exploitation, and IONOS Cloud customer backups are not impacted by this vulnerability. For more information, see Acronis Cyber Protect Cloud Agent update C23.10.

IONOS Cloud will publish the non-vulnerable versions of agents when Acronis shares the information, estimated to be by the end of November 2023.

How can I get help?

If you have further questions or concerns about this vulnerability, contact IONOS Cloud Support.

Advisory on CVE-2023-23583

Escalation of privilege for some Intel processors

On November 14th, 2023, Intel disclosed a vulnerability in its recent computer processor microarchitecture. This vulnerability, known as Redundant REX Prefix, may allow an attacker to confuse the system, resulting in unpredictable behavior. An attacker who successfully exploits this vulnerability could crash or hang the target system and, in some scenarios, escalate privileges, which may allow the attacker to obtain sensitive information from the system. This vulnerability is assigned CVE ID CVE-2023-23583 and has been given a high severity score of 8.8 by Intel.

Impacted IONOS Cloud products

| Product Ranges | Product | Impacted | Mitigated | Patch Status |
|---|---|---|---|---|
| Compute Services | Dedicated Core Servers | Yes | Yes | Done |
| Compute Services | vCPU Servers | Yes | Yes | Done |

What action has IONOS Cloud taken to mitigate the severity?

IONOS Cloud is committed to the privacy and security of our customers' data. We have already completed the required steps to mitigate this vulnerability by upgrading the affected systems' firmware. IONOS Cloud owns the patching responsibility, and no action is required from the customer.

How can I get help?

If you have further questions or concerns about this vulnerability, contact IONOS Cloud Support.

Advisory on CVE-2023-45247

Sensitive information disclosure and manipulation due to missing authorization

On October 9, 2023, Acronis disclosed a vulnerability in its Acronis Agent for Linux, Mac, and Windows. This vulnerability may allow an unauthorized attacker to view and manipulate antivirus and antimalware protection plans applied to a specific agent. CVE ID CVE-2023-45247 has been assigned to this vulnerability, and it is classified as high severity.

Impacted IONOS Cloud products

| Product Ranges | Product | Impacted | Mitigated | Patch Status |
|---|---|---|---|---|
| Storage & Backup | Backup Service | No | Not applicable | Not applicable |
| Storage & Backup | Acronis Agent for Windows, Linux, and Mac | Yes | Yes | Done |

What action has IONOS Cloud taken to mitigate the severity?

IONOS and Acronis are in constant communication to gain a deeper understanding of this vulnerability and also ensure that:

  • There are no signs of active exploitation resulting from the vulnerability. For more information, see Acronis Cyber Protect Cloud Agent update C23.10.

  • The vulnerability does not allow unauthorized access to IONOS Cloud customers’ backup data.

IONOS Cloud will publish the non-vulnerable versions of agents when Acronis shares the information, estimated to be by the end of November 2023.

How can I get help?

If you have further questions or concerns about this vulnerability, contact IONOS Cloud Support.

Advisory on CVE-2022-40982

Information disclosure in Intel processors

On August 8th, 2023, Intel disclosed a vulnerability in its recent computer processor microarchitecture. This vulnerability, known as "Gather Data Sampling (GDS)" or "Downfall", may allow an attacker to obtain sensitive information from a system. This vulnerability is assigned CVE ID CVE-2022-40982 and has been given a medium severity by Intel.

What is the vulnerability?

CVE-2022-40982 is a transient execution side-channel vulnerability that affects Intel® Core processors from the 6th Generation (Skylake) to the 11th Generation (Tiger Lake). It allows an attacker with local access to infer stale data from previously used vector registers on the same physical core. A detailed description can be found in the “Downfall: Exploiting Speculative Data Gathering” paper.

What is the risk?

If an attacker is able to exploit this vulnerability, they could potentially exfiltrate information contained within different security contexts (i.e., other virtual machines or even the host device).

Impacted IONOS Cloud products

| Product Ranges | Product | Impacted | Mitigated | Patch Status |
|---|---|---|---|---|
| Compute Services | Cubes | Yes | Yes | Done |
| Compute Services | Dedicated Core Servers | Yes | Yes | Done |
| Compute Services | vCPU Servers | Yes | Yes | Done |

What action has IONOS Cloud taken to mitigate the severity?

IONOS Cloud is committed to the privacy and security of our customers' data. We are aware of this vulnerability and have already initiated the required steps to mitigate it. We are also investigating the exposure and risk of this vulnerability for our customers' products and instances.

We will provide necessary updates as we learn more.

How can I get help?

If you have further questions or concerns about this vulnerability, contact IONOS Cloud Support.