CVE-2024-49382
In short
The archive-server service in Acronis Cyber Protect 16 listens on all network interfaces instead of restricting access to specific addresses, allowing unauthorized network access to the service. This expands the potential attack surface by making the service accessible from unintended networks.
Technical detail
The archive-server component binds to an unrestricted IP address (0.0.0.0 or ::), enabling remote network access without proper segmentation. An attacker on the network can discover and probe the service, increasing exposure to potential exploitation of other vulnerabilities. This affects Acronis Cyber Protect 16 on Linux and Windows before build 38690.
Summary generated and translated by AI from the official description.
Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
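A defender-side check for the wildcard bind described above, as an added example that is not Acronis code and not part of the official description. It parses Linux `ss -H -ltnp` output and reports listeners bound to 0.0.0.0, :: or `*`; matching the owner by the name `archive-server` is an assumption, and the sample lines, ports and PIDs are constructed.

```python
import re

# Local addresses that `ss` prints for a socket bound to every interface.
WILDCARDS = {"0.0.0.0", "::", "*"}
OWNER_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')

def wildcard_listeners(ss_output, name_substr):
    """Return (process, pid, address, port) for each listening TCP socket that
    is bound to all interfaces and owned by a process matching name_substr."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "LISTEN":
            continue  # not a listener, or no owner info (ss -p needs root)
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]")  # ss prints IPv6 as [::]:port
        owner = OWNER_RE.search(" ".join(fields[5:]))
        if owner and name_substr in owner.group(1) and addr in WILDCARDS:
            findings.append((owner.group(1), int(owner.group(2)), addr, int(port)))
    return findings

# Constructed sample of `ss -H -ltnp` output; ports and PIDs are made up.
SAMPLE_SS = """\
LISTEN 0 128  0.0.0.0:22      0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 4096 127.0.0.1:50002 0.0.0.0:* users:(("archive-server",pid=1500,fd=9))
LISTEN 0 4096 0.0.0.0:50001   0.0.0.0:* users:(("archive-server",pid=1500,fd=7))
LISTEN 0 4096 [::]:50001      [::]:*    users:(("archive-server",pid=1500,fd=8))
LISTEN 0 4096 [::1]:631       [::]:*    users:(("cupsd",pid=700,fd=6))
"""

if __name__ == "__main__":
    for proc, pid, addr, port in wildcard_listeners(SAMPLE_SS, "archive-server"):
        print(f"{proc} (pid {pid}) listens on all interfaces: {addr}:{port}")
```

On a Linux host, pass it the output of `ss -H -ltnp` collected as root so that socket owners are included.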
Affected products
Acronis · Acronis Cyber Protect 16