CVE-2023-41749

7.5 HIGH

📋 TL;DR

This vulnerability in Acronis Agent and Cyber Protect for Windows allows attackers to access sensitive system information through excessive data collection. It affects Windows systems running vulnerable versions of these Acronis products. The information disclosure could expose system details that might aid further attacks.

💻 Affected Systems

Products:
  • Acronis Agent (Windows)
  • Acronis Cyber Protect 15 (Windows)
Versions: Acronis Agent before build 32047, Acronis Cyber Protect 15 before build 35979
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Windows versions of these products. Linux and macOS versions are not vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers obtain detailed system information that could be used for targeted attacks, privilege escalation, or lateral movement within the network.

🟠 Likely Case: Unauthorized access to system configuration data, potentially revealing network information, installed software, or system settings.

🟢 If Mitigated: Limited impact with proper network segmentation and access controls preventing unauthorized access to the vulnerable components.

🌐 Internet-Facing: MEDIUM - While the vulnerability requires access to the affected service, internet-facing systems could be targeted if the service is exposed.
🏢 Internal Only: HIGH - Internal attackers or compromised systems could exploit this to gather reconnaissance data for lateral movement.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

The vulnerability involves accessing an endpoint that collects excessive system information. The advisory does not describe an authentication bypass, but it also does not specify the exact access requirements, so treat any host that can reach the Acronis service as able to query it until you have confirmed otherwise.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Acronis Agent build 32047 or later, Acronis Cyber Protect 15 build 35979 or later

Vendor Advisory: https://security-advisory.acronis.com/advisories/SEC-5287

Restart Required: Yes

Instructions:

1. Download the latest version from the Acronis portal.
2. Install the update on affected systems.
3. Restart the Acronis services or the system as required.

🔧 Temporary Workarounds

Network Access Restriction (Windows)

Restrict network access to Acronis services to only trusted hosts and networks.

Use Windows Firewall to block inbound connections to Acronis Agent ports from untrusted networks.

Service Account Hardening (Windows)

Ensure Acronis services run with the minimal necessary privileges.

Check service account permissions in Services.msc and reduce them to least privilege.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate systems running vulnerable Acronis products
  • Monitor network traffic to/from Acronis services for unusual data collection patterns

🔍 How to Verify

Check if Vulnerable:

Check Acronis Agent version via Control Panel > Programs and Features, or check Cyber Protect version in the application interface

Check Version:

For Acronis Agent: Check 'Acronis Agent' version in Programs and Features. For Cyber Protect: Check version in the application dashboard.

Verify Fix Applied:

Verify the installed version meets or exceeds the patched build numbers: 32047 for Agent, 35979 for Cyber Protect 15
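As an added example (not from the advisory or from Acronis), the following PowerShell snippet reads the standard Windows Uninstall registry keys and compares each installed Acronis product's build number against the fixed builds listed above. It assumes the products are registered with a DisplayName that starts with the product name and a DisplayVersion whose last dotted component is the build number; confirm both against your own installation before relying on the result.

```powershell
# Fixed builds from the advisory (CVE-2023-41749)
$fixedBuilds = @{
    'Acronis Agent'            = 32047
    'Acronis Cyber Protect 15' = 35979
}

# Standard Uninstall keys for 64-bit and 32-bit installers
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Acronis*' -and $_.DisplayVersion }

foreach ($app in $installed) {
    # Assumption: the build number is the trailing numeric component of DisplayVersion
    if ($app.DisplayVersion -notmatch '(\d+)$') { continue }
    $build = [int]$Matches[1]

    # Assumption: DisplayName begins with the product name used in the advisory
    $product = $fixedBuilds.Keys |
        Where-Object { $app.DisplayName -like "$_*" } |
        Select-Object -First 1
    if (-not $product) { continue }

    $status = if ($build -ge $fixedBuilds[$product]) { 'PATCHED' } else { 'VULNERABLE' }
    [pscustomobject]@{
        Product    = $app.DisplayName
        Version    = $app.DisplayVersion
        Build      = $build
        FixedBuild = $fixedBuilds[$product]
        Status     = $status
    }
}
```

Run it in an elevated PowerShell session on each Windows host; a row marked VULNERABLE means the installed build is below the patched build for that product.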

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to Acronis service endpoints
  • Large data transfers from Acronis services

Network Indicators:

  • Excessive data requests to Acronis service ports
  • Unusual connections to Acronis services from unauthorized sources

SIEM Query:

source="acronis*" AND (event_type="data_collection" OR bytes_transferred>threshold) | stats count by src_ip, dest_ip

Note: this is a template, not a query for a specific log source. Replace "threshold" with a byte count appropriate for your environment, and adjust the source, event_type, and bytes_transferred field names to match how your SIEM indexes Acronis and network logs.
