CVE-2024-34014
Severity Score
5.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
Arbitrary file overwrite during recovery due to improper soft link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 818, Acronis Backup extension for Plesk (Linux) before build 599, Acronis Backup plugin for DirectAdmin (Linux) before build 181.
Arbitrary file overwrite during recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 818, Acronis Backup extension for Plesk (Linux) before build 599, Acronis Backup plugin for DirectAdmin (Linux) before build 181.
*Credits:
Milos Colakovic (mailto:mcolakovic@godaddy.com), Nikola Nikolic (mailto:nnikolic@godaddy.com)
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-04-29 CVE Reserved
- 2024-11-11 CVE Published
- 2024-11-11 CVE Updated
- 2024-11-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-61: UNIX Symbolic Link (Symlink) Following
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-7592 | 2024-11-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Acronis Search vendor "Acronis" | Acronis Backup Plugin For CPanel & WHM Search vendor "Acronis" for product "Acronis Backup Plugin For CPanel & WHM" | < 818 Search vendor "Acronis" for product "Acronis Backup Plugin For CPanel & WHM" and version " < 818" | en |
Affected
| ||||||
| Acronis Search vendor "Acronis" | Acronis Backup Extension For Plesk Search vendor "Acronis" for product "Acronis Backup Extension For Plesk" | < 599 Search vendor "Acronis" for product "Acronis Backup Extension For Plesk" and version " < 599" | en |
Affected
| ||||||
| Acronis Search vendor "Acronis" | Acronis Backup Plugin For DirectAdmin Search vendor "Acronis" for product "Acronis Backup Plugin For DirectAdmin" | < 181 Search vendor "Acronis" for product "Acronis Backup Plugin For DirectAdmin" and version " < 181" | en |
Affected
| ||||||