Acronis Cyber Protect: Privilege escalation and information leak possible

Acronis warns of vulnerabilities in its all-round security software Cyber Protect, which emerged from Acronis True Image. Attackers could abuse them to escalate their privileges or to access and even modify information without authorization. Updated software closes the security holes.

Two vulnerabilities alone in the Cyber Protect Cloud Agent for Windows allow malicious actors to escalate their privileges on the system. Acronis does not provide any more in-depth information, but privilege escalation is possible because of a search path without quotes (unquoted search path) (CVE-2024-34010, CVSS 8.2, risk "high"). In addition, insecure permissions are assigned to some folders, which also allows privilege escalation on the system (CVE-2024-34011, CVSS 6.8, medium).
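The weakness class named for CVE-2024-34010, an unquoted search path, can be audited generically on Windows hosts. The following is an added example, not code from Acronis or from the original article: it flags unquoted executable paths that contain spaces and lists the directories whose write permissions then matter. The sample command lines and all function names are constructed for illustration.

```python
import re

# Constructed sample command lines, e.g. as read from service ImagePath values.
# They are illustrative and not taken from any Acronis product.
SAMPLE_COMMANDS = {
    "QuotedSvc": r'"C:\Program Files\Example Vendor\agent.exe" --service',
    "UnquotedSvc": r"C:\Program Files\Example Vendor\Backup Agent\agent.exe --service",
    "NoSpaceSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "DriverSvc": r"\SystemRoot\System32\drivers\example.sys",
}

EXE_END = re.compile(r"\.(exe|com|bat|cmd)\b", re.IGNORECASE)

def executable_part(command):
    """Path portion of an unquoted command line, up to the executable extension."""
    match = EXE_END.search(command)
    return command[:match.end()] if match else command.split(" ", 1)[0]

def is_unquoted_with_spaces(command):
    """True if the executable path contains spaces and is not wrapped in quotes."""
    command = command.strip()
    if not command or command.startswith('"'):
        return False
    return " " in executable_part(command)

def dirs_to_audit(command):
    """Directories whose write permissions matter for an ambiguous path.

    Windows may resolve an unquoted path at each space, so the parent
    directory of every space-truncated prefix should not be writable by
    unprivileged users.
    """
    path = executable_part(command.strip())
    dirs = []
    for i, ch in enumerate(path):
        if ch != " ":
            continue
        parent = path[:i].rsplit("\\", 1)[0]
        if parent.endswith(":"):
            parent += "\\"  # bare drive letter -> drive root
        if parent not in dirs:
            dirs.append(parent)
    return dirs

def audit(commands):
    """Map each flagged entry name to the directories that need an ACL review."""
    return {n: dirs_to_audit(c) for n, c in commands.items() if is_unquoted_with_spaces(c)}
```

Quoting the flagged path in its configuration removes the ambiguity; the listed directories are where folder permissions should additionally be reviewed.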

Missing authorization checks, which are not explained in more detail, can lead to the leakage or even manipulation of sensitive information (CVE-2023-48683, CVE-2023-48684, both CVSS 7.1, high). It remains unclear what attacks on the vulnerabilities might look like.

The update C24.04 for Acronis Cyber Protect Cloud Agent is meant to fix the vulnerabilities. After logging in to the company's website, the updated software can be downloaded in the customer account. Since three of the security holes were classified as high risk, a quick update is recommended. According to the release notes, this upgrades the clients to Acronis Cyber Protection Agent for Linux, Mac and Windows v.24.4.37758, which is also named in the security notices as the version that corrects the security-related errors.

Acronis last patched vulnerabilities in the Acronis Agent around last October. At that time, the company's developers closed two security holes with version C23.10: one that was classified as high risk and one that was classified as a medium threat.


(dmk)
