Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cyber_backup | Acronis | 12.5 (including) | 12.5 (including) |
| Cyber_backup | Acronis | 12.5-10130 (including) | 12.5-10130 (including) |
| Cyber_backup | Acronis | 12.5-10330 (including) | 12.5-10330 (including) |
| Cyber_backup | Acronis | 12.5-11010 (including) | 12.5-11010 (including) |
| Cyber_backup | Acronis | 12.5-13160 (including) | 12.5-13160 (including) |
| Cyber_backup | Acronis | 12.5-13400 (including) | 12.5-13400 (including) |
| Cyber_backup | Acronis | 12.5-14280 (including) | 12.5-14280 (including) |
| Cyber_backup | Acronis | 12.5-14330 (including) | 12.5-14330 (including) |
| Cyber_backup | Acronis | 12.5-16180 (including) | 12.5-16180 (including) |
| Cyber_backup | Acronis | 12.5-16318 (including) | 12.5-16318 (including) |
| Cyber_backup | Acronis | 12.5-16327 (including) | 12.5-16327 (including) |
| Cyber_backup | Acronis | 12.5-7641 (including) | 12.5-7641 (including) |
| Cyber_backup | Acronis | 12.5-7970 (including) | 12.5-7970 (including) |
| Cyber_backup | Acronis | 12.5-8850 (including) | 12.5-8850 (including) |
| Cyber_backup | Acronis | 12.5-9010 (including) | 12.5-9010 (including) |
| Cyber_protect | Acronis | 15 (including) | 15 (including) |
| Cyber_protect | Acronis | 15-update1 (including) | 15-update1 (including) |
| Cyber_protect | Acronis | 15-update2 (including) | 15-update2 (including) |
| Cyber_protect | Acronis | 15-update3 (including) | 15-update3 (including) |