CVE-2024-49384

CVSS 3.5 LOW | EPSS 0.2% | CWE-1327
In short

The acep-collector service in Acronis Cyber Protect 16 binds to an unrestricted IP address, expanding its exposure to potential attackers. This increases the attack surface unnecessarily, making the service accessible from more network locations than intended.

Technical detail

The acep-collector service binds to an unrestricted IP address rather than a specific interface, increasing network exposure. An attacker with network access to the system can target the service directly. Mitigation requires updating to build 38690 or later, or restricting network access through firewall rules.

Summary generated and translated by AI from the official description.
Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
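
One way to check a Linux host for the binding described above, as an added example that is not code from Acronis or from the original page: it parses `ss -H -ltnp` output and reports listeners owned by acep-collector that are bound to a wildcard address. The sample output, port numbers and PIDs are constructed (the page does not state which port the service uses), and the process name is assumed to match the service name given on the page.

```python
import re

# Constructed sample of `ss -H -ltnp` output. Ports and PIDs are made up;
# the page does not say which port acep-collector listens on.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:40100 0.0.0.0:* users:(("acep-collector",pid=2114,fd=7))
LISTEN 0 128 127.0.0.1:40200 0.0.0.0:* users:(("other-agent",pid=2201,fd=5))
LISTEN 0 128 [::]:40100 [::]:* users:(("acep-collector",pid=2114,fd=8))
LISTEN 0 128 192.0.2.10:22 0.0.0.0:* users:(("sshd",pid=801,fd=3))
"""

# Local addresses that ss prints for a socket bound to every interface.
WILDCARDS = {"0.0.0.0", "::", "*"}


def split_endpoint(local):
    """Split ss 'addr:port' into (addr, port), unwrapping bracketed IPv6."""
    addr, _, port = local.rpartition(":")
    return addr.strip("[]"), port


def wildcard_listeners(ss_output, process):
    """Return (address, port) for each listener of `process` bound to all interfaces."""
    hits = []
    for line in ss_output.splitlines():
        fields = line.split()
        # Columns: State Recv-Q Send-Q Local Peer [Process]
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # The Process column is only present when ss runs with enough privilege.
        owners = re.findall(r'\("([^"]+)",pid=\d+', " ".join(fields[5:]))
        if process not in owners:
            continue
        addr, port = split_endpoint(fields[3])
        if addr in WILDCARDS:
            hits.append((addr, int(port)))
    return hits


if __name__ == "__main__":
    for addr, port in wildcard_listeners(SAMPLE_SS, "acep-collector"):
        print(f"acep-collector listens on all interfaces: {addr} port {port}")
```

On a live host, feed the function the output of `ss -H -ltnp` run as root; a non-empty result on a build before 38690 means the firewall restriction mentioned above is the only thing limiting reachability.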
