Products
Acronis Cyber Protect Cloud Agent (Windows, macOS)
- before build 38565
Source
security@acronis.com
Tags
CVE-2024-8903 details
Published : Sept. 23, 2024, 9:15 a.m.
Last Modified : Sept. 23, 2024, 9:15 a.m.
Last Modified : Sept. 23, 2024, 9:15 a.m.
Description
Local active protection service settings manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows, macOS) before build 38565.
CVSS Score
| 1 | 2 | 3 | 4.7 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-250 | Execution with Unnecessary Privileges | The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
4.7
Exploitability Score
1.0
Impact Score
3.6
Base Severity
MEDIUM
Vector String : CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
References
| URL | Source |
|---|---|
| https://security-advisory.acronis.com/advisories/SEC-7510 | security@acronis.com |
This website uses the NVD API, but is not approved or certified by it.