CVE-2024-34019
https://notcve.org/view.php?id=CVE-2024-34019
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569. • https://security-advisory.acronis.com/advisories/SEC-3079 • CWE-427: Uncontrolled Search Path Element •
CVE-2023-45249 – Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability
https://notcve.org/view.php?id=CVE-2023-45249
Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, Acronis Cyber Infrastructure (ACI) before build 5.1.1-71, Acronis Cyber Infrastructure (ACI) before build 5.2.1-69, Acronis Cyber Infrastructure (ACI) before build 5.3.1-53, Acronis Cyber Infrastructure (ACI) before build 5.4.4-132. Acronis Cyber Infrastructure (ACI) allows an unauthenticated user to execute commands remotely due to the use of default passwords. • https://security-advisory.acronis.com/advisories/SEC-6452 https://www.securityweek.com/acronis-product-vulnerability-exploited-in-the-wild • CWE-1393: Use of Default Password •
CVE-2024-34013
https://notcve.org/view.php?id=CVE-2024-34013
Local privilege escalation due to OS command injection vulnerability. The following products are affected: Acronis True Image (macOS) before build 41396. Escalada de privilegios locales debido a una vulnerabilidad de inyección de comandos del sistema operativo. Los siguientes productos se ven afectados: Acronis True Image (macOS) anterior a la compilación 41396. • https://security-advisory.acronis.com/advisories/SEC-7035 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2022-45449
https://notcve.org/view.php?id=CVE-2022-45449
Sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984. • https://security-advisory.acronis.com/advisories/SEC-5279 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-34012
https://notcve.org/view.php?id=CVE-2024-34012
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.24135.272. Escalada de privilegios locales debido a permisos de carpetas inseguros. Los siguientes productos se ven afectados: Acronis Cloud Manager (Windows) anterior a la compilación 6.2.24135.272. • https://security-advisory.acronis.com/advisories/SEC-5758 • CWE-276: Incorrect Default Permissions •