Lucene search

K
cveAcronisCVE-2023-44212
HistoryOct 05, 2023 - 10:15 p.m.

CVE-2023-44212

2023-10-0522:15:12
CWE-862
Acronis
web.nvd.nist.gov
35
cve-2023-44212
sensitive information disclosure
missing authorization
acronis agent

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

6.9

Confidence

High

EPSS

0

Percentile

9.0%

Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 31477.

Affected configurations

Nvd
Node
acronisagentRange<c23.01
AND
applemacosMatch-
OR
linuxlinux_kernelMatch-
OR
microsoftwindowsMatch-
VendorProductVersionCPE
acronisagent*cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*
applemacos-cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Acronis",
    "product": "Acronis Agent",
    "platforms": [
      "Linux",
      "macOS",
      "Windows"
    ],
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "31477",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

6.9

Confidence

High

EPSS

0

Percentile

9.0%

Related for CVE-2023-44212