CVE-2024-34014

Summary

Arbitrary file overwrite during recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.3.818, Acronis Backup plugin for cPanel & WHM (Linux) before build 1.9.1.892, Acronis Backup extension for Plesk (Linux) before build 1.8.6.599, Acronis Backup plugin for DirectAdmin (Linux) before build 1.2.2.181.

Affected Software

VendorProductVersion RangeStatus
AcronisAcronis Backup plugin for cPanel & WHMunspecified < 1.8.3.818affected
AcronisAcronis Backup plugin for cPanel & WHMunspecified < 1.9.1.892affected
AcronisAcronis Backup extension for Pleskunspecified < 1.8.6.599affected
AcronisAcronis Backup plugin for DirectAdminunspecified < 1.2.2.181affected

Weaknesses

  • CWE-61: CWE-61

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References