Back

CVE-2024-34018

Aug. 29, 2024, 8:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Acronis Snap Deploy (Windows)

  • before build 4569

Source

security@acronis.com

Tags

CWE-276
security@acronis.com
2024-08-29
CVE-2024-34018

CVE-2024-34018 details

Published : Aug. 29, 2024, 8:15 p.m.
Last Modified : Aug. 29, 2024, 8:15 p.m.

Description

Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.

CVSS Score

1 2 3 4 5.5 6 7 8 9 10

Weakness

Weakness Name Description
CWE-276 Incorrect Default Permissions During installation, installed file permissions are set to allow anyone to modify those files.

CVSS Data

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score

5.5

Exploitability Score

1.8

Impact Score

3.6

Base Severity

MEDIUM

Vector String : CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References

URL Source
https://security-advisory.acronis.com/advisories/SEC-4196 security@acronis.com
This website uses the NVD API, but is not approved or certified by it.