CVE-2023-45246
📋 TL;DR
This vulnerability allows unauthorized access to sensitive information and potential manipulation due to missing authorization checks in Acronis Cyber Protect products. Attackers could exploit this to access or modify protected data. Affected users include those running vulnerable versions of Acronis Cyber Protect Cloud Agent or Acronis Cyber Protect 16.
💻 Affected Systems
- Acronis Cyber Protect Cloud Agent
- Acronis Cyber Protect 16
📦 What is this software?
Agent by Acronis
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of protected backup data including exfiltration, modification, or deletion of sensitive information across all managed systems.
Likely Case
Unauthorized access to backup metadata and configuration data, potentially leading to data exposure or service disruption.
If Mitigated
Limited impact with proper network segmentation and access controls preventing unauthorized network access to vulnerable components.
🎯 Exploit Status
Exploitation requires some level of access to the target network or system, but specific technical details are not publicly available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Acronis Cyber Protect Cloud Agent build 36343 or later, Acronis Cyber Protect 16 build 39169 or later
Vendor Advisory: https://security-advisory.acronis.com/advisories/SEC-5903
Restart Required: Yes
Instructions:
1. Download latest version from Acronis portal.
2. Stop Acronis services.
3. Install update.
4. Restart services.
5. Verify successful update.
🔧 Temporary Workarounds
Network Segmentation
Restrict network access to Acronis management interfaces to authorized administrators only.
Access Control Hardening
Implement strict access controls and monitor for unauthorized access attempts.
🧯 If You Can't Patch
- Isolate vulnerable systems from untrusted networks and internet access
- Implement additional authentication layers and monitor for suspicious activity
🔍 How to Verify
Check if Vulnerable:
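Check the Acronis agent version in the management console or via the agent properties. Compare it against the fixed builds listed under Official Fix; a build below the fixed build for your product is vulnerable.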
Check Version:
Windows: Check Programs and Features. Linux/macOS: Check installed package version or agent status output.
Verify Fix Applied:
Confirm version is at or above build 36343 for Cloud Agent or 39169 for Cyber Protect 16.
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to Acronis management interfaces
- Unusual authentication patterns
- Configuration changes from unexpected sources
Network Indicators:
- Unexpected connections to Acronis management ports (default 9876)
- Traffic patterns indicating data exfiltration
SIEM Query:
source="acronis*" AND (event_type="access_denied" OR event_type="unauthorized_access")