CVE-2024-8767
📋 TL;DR
This vulnerability allows attackers to access and manipulate sensitive data because the Acronis Backup plugins are assigned excessive privileges. Affected users include administrators of cPanel & WHM, Plesk, and DirectAdmin control panels running Acronis Backup plugins on Linux systems.
💻 Affected Systems
- Acronis Backup plugin for cPanel & WHM (Linux)
- Acronis Backup extension for Plesk (Linux)
- Acronis Backup plugin for DirectAdmin (Linux)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise allowing data theft, modification, or destruction of backup data and potentially host system access.
Likely Case
Unauthorized access to sensitive backup data including customer information, configuration files, and system credentials.
If Mitigated
Limited impact with proper privilege separation and access controls in place.
🎯 Exploit Status
Exploitation requires some level of access but privileges are excessive by design.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Build 619 for cPanel, build 555 for Plesk, build 147 for DirectAdmin
Vendor Advisory: https://security-advisory.acronis.com/advisories/SEC-4976
Restart Required: Yes
Instructions:
1. Update the Acronis Backup plugin through your control panel's plugin manager.
2. For cPanel: Update to build 619+.
3. For Plesk: Update to build 555+.
4. For DirectAdmin: Update to build 147+.
5. Restart affected services.
🔧 Temporary Workarounds
Temporary privilege reduction
Linux: Manually adjust plugin permissions to the minimum required access
# Review and modify plugin file permissions
# chmod 750 /path/to/acronis/plugin/directory
# Adjust ownership to non-privileged user
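An added example, not taken from the vendor advisory or from this page's original text: a shell audit that lists every entry under a plugin directory whose mode grants more than the 750 suggested above, so the result can be reviewed before any chmod is applied. The directory argument is a placeholder because the page does not give the real install path, and GNU find and stat are assumed.

```shell
#!/bin/sh
# Added example: report entries whose mode is more permissive than 750
# (rwxr-x---), i.e. group-write or any read/write/execute bit for "other".
# The directory passed in is a placeholder; the real plugin path is not
# given on this page.

# Print one "MODE OWNER PATH" line per entry that exceeds 750.
audit_plugin_perms() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # -perm /027 matches when ANY of these bits is set:
    #   020 (group write), 004/002/001 (other read/write/execute).
    # Symlinks are skipped because their own mode bits are not meaningful.
    find "$dir" ! -type l -perm /027 -exec stat -c '%a %U %n' {} +
}

# Print the number of entries that exceed 750 (0 means the tree is clean).
count_excess_perms() {
    out=$(audit_plugin_perms "$1") || return $?
    [ -z "$out" ] && { echo 0; return 0; }
    printf '%s\n' "$out" | wc -l | tr -d ' '
}
```

Run `audit_plugin_perms /path/to/acronis/plugin/directory` before and after tightening permissions; the owner column shows which entries still belong to a privileged account.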
🧯 If You Can't Patch
- Disable Acronis Backup plugins until patching is possible
- Implement strict network segmentation and access controls for affected systems
🔍 How to Verify
Check if Vulnerable:
Check plugin version in control panel interface or run: grep -i version /path/to/acronis/plugin/files
Check Version:
Check via control panel plugin manager or examine plugin manifest files
Verify Fix Applied:
Confirm version numbers meet minimum requirements: cPanel >=619, Plesk >=555, DirectAdmin >=147
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to backup files
- Privilege escalation events in system logs
- Unusual file access patterns in backup directories
Network Indicators:
- Unexpected connections to backup storage locations
- Anomalous data transfers from backup systems
SIEM Query:
source="*acronis*" AND (event_type="privilege_escalation" OR file_access="backup*")