On April 29, 2024, Acronis disclosed multiple vulnerabilities in Cyber Protect Agent. As per the advisory published by Acronis, the following are the vulnerability details:
Related to local privilege escalation. These vulnerabilities allow an attacker to escalate their privileges.
Manipulates sensitive information without authorization.
The most severe of these vulnerabilities is CVE-2024-34010 and is classified as a High severity with CVSS score of 8.2. The attack vectors related to these vulnerabilities are still not known.
Storage & Backup
No
Not Applicable
Not Applicable
Storage & Backup
Acronis Agent for Windows, Linux, and Mac
Yes
In Progress
May 6, 2024
There are no signs of active exploitation resulting from these vulnerabilities. These vulnerabilities do not allow unauthorized access to IONOS Cloud users’ backup data. IONOS Cloud is already in the process of rolling out patched agents for Storage & Backup users.
You can enable auto-update; the vulnerable agent is automatically updated after May 6, 2024. You can download the non-vulnerable agent from the Downloads section in the Backup Unit Management console if the auto-update is not enabled.
If you have further questions or concerns about this vulnerability, contact IONOS Cloud Support.