Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cyber_backup | Acronis | 12.5 (including) | 12.5 (including) |
| Cyber_backup | Acronis | 12.5-10130 (including) | 12.5-10130 (including) |
| Cyber_backup | Acronis | 12.5-10330 (including) | 12.5-10330 (including) |
| Cyber_backup | Acronis | 12.5-11010 (including) | 12.5-11010 (including) |
| Cyber_backup | Acronis | 12.5-13160 (including) | 12.5-13160 (including) |
| Cyber_backup | Acronis | 12.5-13400 (including) | 12.5-13400 (including) |
| Cyber_backup | Acronis | 12.5-14280 (including) | 12.5-14280 (including) |
| Cyber_backup | Acronis | 12.5-14330 (including) | 12.5-14330 (including) |
| Cyber_backup | Acronis | 12.5-16180 (including) | 12.5-16180 (including) |
| Cyber_backup | Acronis | 12.5-16318 (including) | 12.5-16318 (including) |
| Cyber_backup | Acronis | 12.5-16327 (including) | 12.5-16327 (including) |
| Cyber_backup | Acronis | 12.5-7641 (including) | 12.5-7641 (including) |
| Cyber_backup | Acronis | 12.5-7970 (including) | 12.5-7970 (including) |
| Cyber_backup | Acronis | 12.5-8850 (including) | 12.5-8850 (including) |
| Cyber_backup | Acronis | 12.5-9010 (including) | 12.5-9010 (including) |
| Cyber_protect | Acronis | 15 (including) | 15 (including) |
| Cyber_protect | Acronis | 15-update1 (including) | 15-update1 (including) |
| Cyber_protect | Acronis | 15-update2 (including) | 15-update2 (including) |
| Cyber_protect | Acronis | 15-update3 (including) | 15-update3 (including) |