CVE-2023-48676

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-48676
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36943.

7.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://security-advisory.acronis.com/advisories/SEC-5905 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:acronis:cyber_protect_cloud_agent:21:update12:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:21:update3:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:21:update6:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:21:update7:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update10:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update11:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update2:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update3:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update5:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update7:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update8:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update9:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:uddate1:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update10:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update11:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update12:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update2:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update3:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update5:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update6:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update7:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update8:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update9:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
History

19 Dec 2023, 14:20

Type Values Removed Values Added
References () https://security-advisory.acronis.com/advisories/SEC-5905 - () https://security-advisory.acronis.com/advisories/SEC-5905 - Vendor Advisory
CPE cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update3:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:21:update6:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update10:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update5:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update9:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:21:update3:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update12:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update10:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update5:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update9:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:21:update12:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:uddate1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update6:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update7:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update8:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:21:update7:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update11:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update8:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update2:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update3:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update2:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update11:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update7:*:*:*:*:*:*
Summary
  • (es) Divulgación y manipulación de información sensible por falta de autorización. Los siguientes productos se ven afectados: Acronis Cyber Protect Cloud Agent (Windows) anterior a la compilación 36943.
First Time Microsoft windows
Acronis
Acronis cyber Protect Cloud Agent
Microsoft
CVSS v2 : unknown
v3 : 3.3 		v2 : unknown
v3 : 7.1

14 Dec 2023, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-12-14 14:15

Updated : 2023-12-19 14:20

NVD link : CVE-2023-48676

Mitre link : CVE-2023-48676

CVE.ORG link : CVE-2023-48676

JSON object : View

Products Affected

microsoft

  • windows

acronis

  • cyber_protect_cloud_agent
CWE
CWE-862

Missing Authorization