CVE-2024-49387

7.5 HIGH

📋 TL;DR

This vulnerability allows attackers to intercept sensitive information transmitted in cleartext by the acep-collector service in Acronis Cyber Protect 16. Organizations using affected versions on Linux or Windows systems are at risk of data exposure.

💻 Affected Systems

Products:
  • Acronis Cyber Protect 16
Versions: All versions before build 38690
Operating Systems: Linux, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the acep-collector service component specifically.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of sensitive backup data, credentials, and system information transmitted by the service, leading to data breaches and potential lateral movement.

🟠 Likely Case

Interception of sensitive configuration data, backup metadata, and potentially credentials during normal service operation.

🟢 If Mitigated

Limited exposure of non-critical telemetry data if network segmentation and encryption are properly implemented.

🌐 Internet-Facing: MEDIUM - While the service may not be directly internet-facing, any exposure could lead to cleartext data interception.
🏢 Internal Only: HIGH - Internal attackers or compromised systems can easily intercept unencrypted traffic between components.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires network access to intercept cleartext traffic, which is straightforward with tools like Wireshark or tcpdump.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Build 38690 or later

Vendor Advisory: https://security-advisory.acronis.com/advisories/SEC-7022

Restart Required: Yes

Instructions:

1. Download the latest version from the Acronis portal.
2. Run the installer.
3. Restart the affected services.
4. Verify that the version is build 38690 or later.

🔧 Temporary Workarounds

Network Segmentation (applies to: all platforms)

Isolate acep-collector service traffic to trusted network segments only.

VPN/Encryption Tunnel (applies to: all platforms)

Force all acep-collector traffic through encrypted VPN tunnels.

🧯 If You Can't Patch

  • Implement strict network segmentation to limit acep-collector traffic to trusted segments only
  • Deploy network monitoring and IDS/IPS to detect cleartext data transmission attempts

🔍 How to Verify

Check if Vulnerable:

Check the Acronis Cyber Protect version in the admin console, or run 'acronis_cyber_protect --version' on the CLI.

Check Version:

acronis_cyber_protect --version

Verify Fix Applied:

Confirm that the version is build 38690 or higher, then monitor network traffic to confirm that acep-collector communication is no longer sent in cleartext.

📡 Detection & Monitoring

Log Indicators:

  • Unusual network connection patterns to acep-collector ports
  • Failed encryption handshake attempts

Network Indicators:

  • Cleartext HTTP traffic on acep-collector ports (default 9876)
  • Unencrypted sensitive data in packet captures

SIEM Query:

source_port:9876 AND protocol:http AND NOT tls_handshake
