Three New Security Vulnerabilities Found in Acronis Agent
Acronis has announced the discovery of three new security vulnerabilities in Acronis Agent. These vulnerabilities affect all platforms (Linux, macOS, and Windows) of Acronis Agent prior to build 36343.
All three vulnerabilities, CVE-2023-45245, CVE-2023-45244, and CVE-2023-45246, are related to sensitive information disclosure. An attacker who exploits these vulnerabilities could steal sensitive information from an affected system, such as user names, passwords, credit card information, and other payment information.
CVE-2023-45245
CVE-2023-45245 is a security vulnerability found in the Linux and Windows versions of Acronis Agent. This vulnerability could cause Acronis Agent to misinterpret certain commands. This could allow an attacker to disclose sensitive information from an affected system.
To exploit this vulnerability, an attacker could send a command to an affected system. This command could force Acronis Agent to create a file containing sensitive information or send it over a network connection.
CVE-2023-45244
CVE-2023-45244 is a security vulnerability found in the macOS versions of Acronis Agent. This vulnerability could cause Acronis Agent to misinterpret certain commands. This could allow an attacker to disclose sensitive information from an affected system.
To exploit this vulnerability, an attacker could send a command to an affected system. This command could force Acronis Agent to create a file containing sensitive information or send it over a network connection.
CVE-2023-45246
CVE-2023-45246 is a security vulnerability found in all platforms of Acronis Agent. This vulnerability could cause Acronis Agent to misinterpret certain commands. This could allow an attacker to disclose sensitive information from an affected system.
To exploit this vulnerability, an attacker could send a command to an affected system. This command could force Acronis Agent to create a file containing sensitive information or send it over a network connection.
Impact of the Vulnerabilities
An attacker who exploits these vulnerabilities could steal the following sensitive information from an affected system:
User names
Passwords
Credit card information
Other payment information
Medical records
Personal information
Business secrets
This information could be used by the attacker for identity theft, fraud, or other criminal activities.
Mitigation of the Vulnerabilities
Affected users are encouraged to upgrade to version of Acronis Agent.
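The following added example (not code from Acronis or from the original article) shows one way to triage a fleet against the affected range stated above: agents prior to build 36343, with each CVE scoped to the platforms named in its section. The inventory format, column names and host entries are constructed assumptions.

```python
import csv
import io

FIXED_BUILD = 36343  # from the article: builds prior to this are affected

# Platform scope of each CVE as stated in the article.
CVE_PLATFORMS = {
    "CVE-2023-45244": {"macos"},
    "CVE-2023-45245": {"linux", "windows"},
    "CVE-2023-45246": {"linux", "macos", "windows"},
}
KNOWN_PLATFORMS = set().union(*CVE_PLATFORMS.values())

# Constructed inventory export; column names and hosts are assumptions.
SAMPLE_INVENTORY = """hostname,platform,agent_build
web-01,Linux,36119
mac-07,macOS,35739
win-12,Windows,36343
db-03,linux,unknown
kiosk-02,solaris,30000
"""

def triage(inventory_csv):
    """Map each hostname to its applicable CVEs, [] if fixed, or ["REVIEW"]."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        host = (row.get("hostname") or "").strip()
        platform = (row.get("platform") or "").strip().lower()
        try:
            build = int((row.get("agent_build") or "").strip())
        except ValueError:
            # An unreadable build number must not be counted as patched.
            results[host] = ["REVIEW"]
            continue
        if platform not in KNOWN_PLATFORMS:
            # Unrecognised platform label: flag it instead of guessing.
            results[host] = ["REVIEW"]
        elif build >= FIXED_BUILD:
            results[host] = []
        else:
            results[host] = sorted(
                cve for cve, plats in CVE_PLATFORMS.items() if platform in plats
            )
    return results

if __name__ == "__main__":
    for host, cves in triage(SAMPLE_INVENTORY).items():
        print(host, ", ".join(cves) or "not affected")
```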
Recommendations
Affected users should take the following precautions:
Upgrade to the latest version of Acronis Agent.
Install the latest security updates for all systems and software.
Use strong passwords and change them regularly.
Connect to your company network using a secure VPN when working remotely.
Do not open or click on suspicious emails or attachments.
Back up your systems and data regularly.
Conclusion
These three new security vulnerabilities in Acronis Agent pose a risk of sensitive information disclosure. Affected users are encouraged to upgrade to the latest version of Acronis Agent and take the other precautions listed above.
Additional Information
These vulnerabilities are related to the following functions of Acronis Agent:
Backups: Acronis Agent is used to back up systems and data. These vulnerabilities could allow an attacker to steal sensitive information from backup files.
Network shares: Acronis Agent is used to share files and folders between systems. These vulnerabilities could allow an attacker to steal sensitive information from network shares.
Analysis
These vulnerabilities are serious and could have a significant impact on organizations that use Acronis Agent. Organizations should take immediate steps to mitigate these vulnerabilities by upgrading to the latest version of Acronis Agent and taking the other precautions listed above.