CVE-2023-41742
In short
Acronis Agent and Cyber Protect 15 bind to all network interfaces without restriction, allowing potential attackers on the network to communicate with the service. This exposes the application to unauthorized access and control.
Technical detail
The affected products listen on unrestricted IP addresses (0.0.0.0 or ::), expanding the attack surface to any network-connected system. An unauthenticated attacker on the same network segment can attempt to interact with the service without proper access controls in place.
Summary generated and translated by AI from the official description.
Excessive attack surface due to binding to an unrestricted IP address. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30430, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979.
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
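A defensive check for the wildcard binds described under Technical detail, added here as an example and not taken from Acronis or the official description: it parses Linux `ss -H -tln` output and reports listeners bound to 0.0.0.0, :: or the dual-stack `*`. The sample output, its port numbers and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -H -tln` output. It was not captured from an
# affected host and the port numbers are made up for illustration.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:8443 0.0.0.0:*
LISTEN 0 128 127.0.0.1:6000 0.0.0.0:*
LISTEN 0 128 [::]:8443 [::]:*
LISTEN 0 4096 [::1]:631 [::]:*
LISTEN 0 128 *:5000 *:*
LISTEN 0 128 192.168.10.5:445 0.0.0.0:*
LISTEN 0 128 127.0.0.53%lo:53 0.0.0.0:*
"""

def split_local(field):
    """Split the local 'address:port' column into (address, port)."""
    addr, _, port = field.rpartition(":")
    # Drop the %interface scope first, then the IPv6 brackets.
    addr = addr.split("%")[0].strip("[]")
    return addr, int(port)

def classify(addr):
    """Return 'wildcard', 'loopback' or 'specific' for a bind address."""
    if addr == "*":              # ss prints * for a dual-stack wildcard socket
        return "wildcard"
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:        # 0.0.0.0 or ::
        return "wildcard"
    return "loopback" if ip.is_loopback else "specific"

def wildcard_listeners(ss_output):
    """Return sorted (address, port) pairs for listeners bound to all interfaces."""
    found = set()
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue             # skip blank or non-listening rows
        addr, port = split_local(cols[3])
        if classify(addr) == "wildcard":
            found.add((addr, port))
    return sorted(found)

if __name__ == "__main__":
    for addr, port in wildcard_listeners(SAMPLE_SS_OUTPUT):
        print(f"listening on all interfaces: {addr} port {port}")
```

On a live Linux host, pass the text of `ss -H -tln` to `wildcard_listeners` and review each reported port against the services that are meant to be reachable from the network.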