CVE-2024-8903

Published: Sep 23, 2024Modified: Sep 26, 2024

4.7

Vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 1.0 / Impact: 3.6

Source: security@acronis.com (Secondary)

Description

Local active protection service settings manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows, macOS) before build 38565.

Related CWEs

CWE-250

Execution with Unnecessary Privileges

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

References (1)

https://security-advisory.acronis.com/advisories/SEC-7510

Source: security@acronis.com

Timeline

No history available yet.