CVE-2023-44206 - Vulnerability Details - OpenCVE

Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Acronis	Cyber Protect
Linux	Linux Kernel
Microsoft	Windows

Configuration 1 [-]

AND

OR	cpe:2.3:a:acronis:cyber_protect::::::::
	cpe:2.3:a:acronis:cyber_protect:15:-::::::
	cpe:2.3:a:acronis:cyber_protect:15:update1::::::
	cpe:2.3:a:acronis:cyber_protect:15:update2::::::
	cpe:2.3:a:acronis:cyber_protect:15:update3::::::
	cpe:2.3:a:acronis:cyber_protect:15:update4::::::
	cpe:2.3:a:acronis:cyber_protect:15:update5::::::

OR	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

No data.

References

Link	Providers
https://security-advisory.acronis.com/advisories/SEC-5839

History

Mon, 23 Sep 2024 21:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:acronis:cyber_protect:15:::::::*
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Acronis

Published: 2023-09-27T12:02:16.923Z

Updated: 2024-09-23T20:13:38.682Z

Reserved: 2023-09-26T20:08:46.834Z

Link: CVE-2023-44206

Vulnrichment

Updated: 2024-08-02T19:59:51.527Z

NVD

Status : Modified

Published: 2023-09-27T15:19:39.407

Modified: 2024-11-21T08:25:26.413

Link: CVE-2023-44206

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-44206", "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "state": "PUBLISHED", "assignerShortName": "Acronis", "dateReserved": "2023-09-26T20:08:46.834Z", "datePublished": "2023-09-27T12:02:16.923Z", "dateUpdated": "2024-09-23T20:13:38.682Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "shortName": "Acronis", "dateUpdated": "2023-09-27T12:02:16.923Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-639", "description": "CWE-639", "type": "CWE"}]}], "affected": [{"vendor": "Acronis", "product": "Acronis Cyber Protect 15", "platforms": ["Linux", "Windows"], "versions": [{"version": "unspecified", "status": "affected", "lessThan": "35979", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979."}], "references": [{"url": "https://security-advisory.acronis.com/advisories/SEC-5839", "name": "SEC-5839", "tags": ["vendor-advisory"]}], "credits": [{"lang": "en", "value": "@theelgo64 (https://hackerone.com/theelgo64)", "type": "finder"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:59:51.527Z"}, "title": "CVE Program Container", "references": [{"url": "https://security-advisory.acronis.com/advisories/SEC-5839", "name": "SEC-5839", "tags": ["vendor-advisory", "x_transferred"]}]}, {"affected": [{"vendor": "acronis", "product": "cyber_protect", "cpes": ["cpe:2.3:a:acronis:cyber_protect:15:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "15", "status": "affected", "lessThan": "35979", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-23T20:12:08.740528Z", "id": "CVE-2023-44206", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-23T20:13:38.682Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security-advisory.acronis.com/advisories/SEC-5839", "name": "SEC-5839", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:59:51.527Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-44206", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-23T20:12:08.740528Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:acronis:cyber_protect:15:*:*:*:*:*:*:*"], "vendor": "acronis", "product": "cyber_protect", "versions": [{"status": "affected", "version": "15", "lessThan": "35979", "versionType": "semver"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-23T20:13:25.248Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "@theelgo64 (https://hackerone.com/theelgo64)"}], "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Acronis", "product": "Acronis Cyber Protect 15", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "35979", "versionType": "semver"}], "platforms": ["Linux", "Windows"], "defaultStatus": "unaffected"}], "references": [{"url": "https://security-advisory.acronis.com/advisories/SEC-5839", "name": "SEC-5839", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639"}]}], "providerMetadata": {"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "shortName": "Acronis", "dateUpdated": "2023-09-27T12:02:16.923Z"}}}, "cveMetadata": {"cveId": "CVE-2023-44206", "state": "PUBLISHED", "dateUpdated": "2024-09-23T20:13:38.682Z", "dateReserved": "2023-09-26T20:08:46.834Z", "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "datePublished": "2023-09-27T12:02:16.923Z", "assignerShortName": "Acronis"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:acronis:cyber_protect:*:*:*:*:*:*:*:*", "matchCriteriaId": "547972AF-7F43-4A6D-AFC7-5514DD9995A6", "versionEndExcluding": "15", "vulnerable": true}, {"criteria": "cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*", "matchCriteriaId": "89899D10-1343-4276-919A-9C1DF2DB8B55", "vulnerable": true}, {"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update1:*:*:*:*:*:*", "matchCriteriaId": "A77B2499-B3A4-4278-BA0D-59AB59C60352", "vulnerable": true}, {"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update2:*:*:*:*:*:*", "matchCriteriaId": "BAF6A576-C320-4550-B7F8-4FCAE82FB06A", "vulnerable": true}, {"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update3:*:*:*:*:*:*", "matchCriteriaId": "9740A956-D589-4846-8717-B6182EB65F8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update4:*:*:*:*:*:*", "matchCriteriaId": "9AB8B19B-2B40-4F1B-AE24-1C43D362E4BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update5:*:*:*:*:*:*", "matchCriteriaId": "69506F27-DEF8-4317-9E54-D79CA430AD4B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979."}, {"lang": "es", "value": "Divulgaci\u00f3n y manipulaci\u00f3n de informaci\u00f3n sensible por autorizaci\u00f3n indebida. Los siguientes productos se ven afectados: Acronis Cyber Protect 15 (Linux, Windows) antes de la compilaci\u00f3n 35979."}], "id": "CVE-2023-44206", "lastModified": "2024-11-21T08:25:26.413", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security@acronis.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-27T15:19:39.407", "references": [{"source": "security@acronis.com", "tags": ["Vendor Advisory"], "url": "https://security-advisory.acronis.com/advisories/SEC-5839"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://security-advisory.acronis.com/advisories/SEC-5839"}], "sourceIdentifier": "security@acronis.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "security@acronis.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-639"}], "source": "nvd@nist.gov", "type": "Primary"}]}