CVE-2023-45244
📋 TL;DR
This vulnerability allows unauthorized access to sensitive information and potential manipulation due to missing authorization checks in Acronis Cyber Protect products. Attackers could access or modify protected data without proper credentials. Affected users include those running vulnerable versions of Acronis Cyber Protect Cloud Agent or Acronis Cyber Protect 16.
💻 Affected Systems
- Acronis Cyber Protect Cloud Agent
- Acronis Cyber Protect 16
📦 What is this software?
Agent by Acronis
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of protected backup data including exfiltration, deletion, or ransomware encryption of backup archives.
Likely Case
Unauthorized viewing of sensitive backup contents and metadata, potentially exposing confidential information.
If Mitigated
Limited impact with proper network segmentation and access controls preventing unauthorized network access to the agent.
🎯 Exploit Status
Exploitation requires network access to the agent but no authentication. The vulnerability is in authorization logic, not authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Acronis Cyber Protect Cloud Agent build 35895+, Acronis Cyber Protect 16 build 37391+
Vendor Advisory: https://security-advisory.acronis.com/advisories/SEC-5907
Restart Required: Yes
Instructions:
1. Update Acronis Cyber Protect Cloud Agent to build 35895 or later.
2. Update Acronis Cyber Protect 16 to build 37391 or later.
3. Restart the agent/service after update.
🔧 Temporary Workarounds
Network Segmentation
All platforms: Restrict network access to Acronis agents using firewall rules to only allow connections from authorized management systems.
Access Control Lists
All platforms: Implement strict access controls on systems running vulnerable agents to limit who can interact with the agent services.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Acronis agents from untrusted networks
- Monitor agent logs for unauthorized access attempts and implement alerting
🔍 How to Verify
Check if Vulnerable:
Check the agent version in Acronis management console or run 'acronis_agent --version' on the system.
Check Version:
acronis_agent --version (Linux/macOS) or check Programs and Features (Windows)
Verify Fix Applied:
Confirm version is at or above build 35895 for Cloud Agent or 37391 for Cyber Protect 16.
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to agent services
- Unexpected data access patterns in backup logs
Network Indicators:
- Unusual network connections to agent ports (default 9876)
- Traffic patterns indicating data exfiltration
SIEM Query:
source="acronis_logs" AND (event_type="unauthorized_access" OR event_type="data_access" AND user="unknown")
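One way to act on the network indicator and the segmentation workaround above is to flag connections to the agent port that come from outside the authorized management range. This is an added example, not Acronis tooling or code from this page; the flow-record format, the management CIDR and every sample line are constructed assumptions, and only the port number 9876 comes from the page.

```python
import ipaddress

AGENT_PORT = 9876  # default agent port named on this page

# Assumption: networks allowed to manage agents (constructed value).
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/28")]

# Constructed flow records: "timestamp src_ip dst_ip dst_port bytes_out"
SAMPLE_FLOWS = """\
2023-10-09T08:00:01Z 10.20.0.5 10.30.1.15 9876 4096
2023-10-09T08:03:12Z 10.30.7.44 10.30.1.15 9876 1048576
2023-10-09T08:04:40Z 10.30.7.44 10.30.1.15 443 2048
2023-10-09T08:05:02Z 192.0.2.77 10.30.1.16 9876 512
malformed line here
"""


def is_authorized(src_ip):
    """True if the source address is inside an allowed management network."""
    return any(src_ip in net for net in MGMT_NETS)


def find_unauthorized_agent_flows(text, port=AGENT_PORT):
    """Summarise, per source, flows to the agent port from non-management hosts."""
    summary = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip records that do not match the assumed format
        _ts, src, dst, dport, nbytes = parts
        try:
            src_ip = ipaddress.ip_address(src)
            dport, nbytes = int(dport), int(nbytes)
        except ValueError:
            continue  # unparseable address or number
        if dport != port or is_authorized(src_ip):
            continue
        entry = summary.setdefault(src, {"agents": set(), "flows": 0, "bytes": 0})
        entry["agents"].add(dst)
        entry["flows"] += 1
        entry["bytes"] += nbytes  # large totals may point at bulk data access
    return summary


if __name__ == "__main__":
    for src, info in find_unauthorized_agent_flows(SAMPLE_FLOWS).items():
        print(src, sorted(info["agents"]), info["flows"], info["bytes"])
```
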