IT security solution Acronis Cyber Protect Cloud Agent is vulnerable
A security update closes a vulnerability in Acronis Cyber Protect Cloud Agent.
(Image: Sashkin/Shutterstock.com)
Attackers can access Windows systems with Acronis Cyber Protect Cloud Agent and gain higher user rights, among other things. A security patch is available for download.
Security vulnerability
According to a warning message, the starting point is a vulnerability with a threat level of"high" (CVE-205-9578). Obviously, the assignment of rights for certain resources is not completely clean, and an attacker can start at this point.
If an attack succeeds, attackers can manipulate data and gain higher user rights, among other things. It is not yet clear how such an incident could take place in detail. There is currently no evidence of ongoing attacks.
Videos by heise
A security researcher reported the vulnerability via the bug bounty platform Hackerone and received 250 US dollars in return.
The developers assure that they have prepared version C25.08 of Acronis Cyber Protect against the described attack. However, all versions up to and including build 40734 are said to be vulnerable.
Back in June of this year, the developers patched a "critical" vulnerability in Acronis Cyber Protect.
(des)
