CVE-2024-49385
📋 TL;DR
This vulnerability allows local attackers to access sensitive information due to insecure folder permissions in Acronis True Image for Windows. Users running vulnerable versions of the software on Windows systems are affected. The issue stems from improper access controls on application folders.
💻 Affected Systems
- Acronis True Image (Windows)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers with local access could read sensitive backup data, configuration files, or credentials stored in improperly secured folders, potentially leading to data theft or further system compromise.
Likely Case
Local users or malware on the system could access backup metadata and configuration information, potentially exposing backup schedules, storage locations, or other sensitive operational details.
If Mitigated
With proper access controls and user separation, impact is limited to non-administrative users accessing non-critical application data.
🎯 Exploit Status
Exploitation requires local access to the system. No authentication bypass needed beyond local user access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Build 41736 or later
Vendor Advisory: https://security-advisory.acronis.com/advisories/SEC-2397
Restart Required: Yes
Instructions:
1. Open Acronis True Image.
2. Go to Help > Check for updates.
3. Install available updates.
4. Restart the application and system if prompted.
🔧 Temporary Workarounds
Restrict folder permissions manually
Windows: Manually adjust permissions on Acronis True Image installation folders to restrict access to authorized users only.
icacls "C:\Program Files\Acronis\TrueImage" /inheritance:r /grant:r "SYSTEM:(OI)(CI)F" "Administrators:(OI)(CI)F" "Users:(OI)(CI)RX"
🧯 If You Can't Patch
- Implement strict user access controls and principle of least privilege
- Monitor access to Acronis True Image folders and files for suspicious activity
🔍 How to Verify
Check if Vulnerable:
Check the Acronis True Image build in Help > About. If the build is below 41736, the system is vulnerable.
Check Version:
Check Help > About in Acronis True Image GUI or examine installed programs in Windows Settings
Verify Fix Applied:
Verify that the build is 41736 or higher in Help > About. Check folder permissions on Acronis installation directories.
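The folder-permission check can be scripted. This is an added PowerShell example, not code from Acronis or from the original page: it compares a folder's ACL with the baseline that the icacls workaround sets. The default path is the one used in that command, and the function name Test-FolderAcl is hypothetical.

```powershell
# Added example: audit a folder against the baseline ACL from the icacls workaround.
# Assumption: default install path from that command; pass -Path to override.
param([string]$Path = 'C:\Program Files\Acronis\TrueImage')

$Rights = [System.Security.AccessControl.FileSystemRights]
# Baseline keyed by well-known SID so the check also works on non-English Windows.
$Baseline = @{
    'S-1-5-18'     = [int]$Rights::FullControl      # SYSTEM: F
    'S-1-5-32-544' = [int]$Rights::FullControl      # Administrators: F
    'S-1-5-32-545' = [int]$Rights::ReadAndExecute   # Users: RX
}
$Synchronize = [int]$Rights::Synchronize            # icacls adds this bit to each grant

function Test-FolderAcl {
    param([string]$Folder, [hashtable]$Allowed)

    $acl = Get-Acl -LiteralPath $Folder
    $findings = @()

    # /inheritance:r leaves the ACL protected; if it is not, parent ACEs still apply.
    if (-not $acl.AreAccessRulesProtected) { $findings += 'Inheritance is still enabled' }

    $sidType = [System.Security.Principal.SecurityIdentifier]
    $seen = @{}
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Value
        $seen[$sid] = $true
        if (-not $Allowed.ContainsKey($sid)) {
            $findings += "Unexpected principal $sid has $($ace.FileSystemRights)"
            continue
        }
        # Any bit outside the baseline mask is a right the workaround did not grant.
        $extra = [int]$ace.FileSystemRights -band (-bnot ($Allowed[$sid] -bor $Synchronize))
        if ($extra -ne 0) { $findings += "$sid exceeds baseline: $($ace.FileSystemRights)" }
    }
    foreach ($sid in $Allowed.Keys) {
        if (-not $seen.ContainsKey($sid)) { $findings += "Baseline principal $sid has no ACE" }
    }
    return $findings
}

$result = Test-FolderAcl -Folder $Path -Allowed $Baseline
if ($result) {
    $result | ForEach-Object { Write-Output "FINDING: $_" }
} else {
    Write-Output "ACL on $Path matches the workaround baseline"
}
```

The script inspects only the folder passed to it; child folders and files with their own explicit ACLs need a separate pass.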
📡 Detection & Monitoring
Log Indicators:
- Unusual access patterns to Acronis program folders
- Failed permission modification attempts on Acronis directories
Network Indicators:
- N/A - Local vulnerability only
SIEM Query:
EventID=4663 AND ObjectName LIKE '%Acronis%TrueImage%' AND Accesses IN ('ReadData', 'ReadAttributes')