CVE-2024-49387

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Oct 15, 2024

Updated: Feb 4, 2025

CWE ID 319

Summary

CVE-2024-49387 exposes a vulnerability in Acronis Cyber Protect 16 (Linux and Windows) versions prior to build 38690. The issue lies in the acep-collector service, which transmits sensitive information in cleartext, making it susceptible to interception by unauthorized parties. This vulnerability could potentially lead to the theft of confidential data. Organizations and individuals using affected versions are advised to update to the latest build to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Acronis Cyber Protect

Affected Vendors

Acronis International

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/zfjZL1
https://www.cve.org/CVERecord?id=CVE-2024-49387
https://nvd.nist.gov/vuln/detail/CVE-2024-49387

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners