The Acronis Cyber Protect appliance, in its default configuration, allows the anonymous registration of new backup/protection agents on new endpoints. The registration API endpoint also issues a bearer token, which the agent then uses to authenticate to the appliance. Because the management web console runs on the same port as the agent API, this bearer token is also valid for any action on the web console. An attacker with network access to the appliance can therefore start the registration of a new agent, retrieve a bearer token, and then manipulate any setting on the appliance via the functions available in the web console.
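The root cause described above is a token that is accepted by a more privileged interface than the one it was issued for. The following added example (not code from the advisory or from Acronis) models that in miniature: a signed bearer token carries an audience claim, and a console route that checks only the signature accepts an agent-registration token, while a route that also checks the audience rejects it. The signing secret, claim names and route helpers are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed demo secret; a real appliance would hold this in protected storage.
SIGNING_KEY = b"constructed-demo-signing-key"


def issue_token(subject: str, audience: str) -> str:
    """Mint a signed bearer token bound to an audience ("agent" or "console")."""
    claims = {"sub": subject, "aud": audience, "nonce": secrets.token_hex(8)}
    payload = json.dumps(claims, sort_keys=True).encode()
    sig = hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(payload).decode() + "." + sig


def verify_token(token: str):
    """Return the claims if the signature is valid, otherwise None."""
    try:
        encoded, sig = token.split(".", 1)
        payload = base64.urlsafe_b64decode(encoded.encode())
    except ValueError:
        return None
    expected = hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return None
    return json.loads(payload)


def console_allows_unscoped(token: str) -> bool:
    """Weak check: any token the appliance signed is accepted on console routes.

    This is the pattern the advisory describes: an agent-registration token
    reaches the console because both interfaces share one token validator.
    """
    return verify_token(token) is not None


def console_allows_scoped(token: str) -> bool:
    """Hardened check: the token must also have been issued for the console."""
    claims = verify_token(token)
    return claims is not None and claims.get("aud") == "console"
```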
The vulnerability was reported to the vendor under the Responsible Disclosure Policy and was subsequently fixed. The advisory has been published in coordination with the vendor only now, in order to give the users of the application sufficient time to install the patched version.
Detailed information can be found here: herolab.usd.de...
Acronis Cyber Protect: Authentication Bypass with subsequent Remote Command Execution (usd-2022-008)