Acronis Backup Plugins Arbitrary File Overwrite via Improper Soft Link Handling (CVE-2024-34014)

Key Information Vulnerability Description Vulnerability Name: Arbitrary file overwrite during recovery due to improper soft link handling Vulnerability ID: CVE-2024-34014 Vulnerability Type: Medium severity Affected Products: - Acronis Backup plugin for cPanel & WHM (Linux) before build 818 - Acronis Backup extension for Plesk (Linux) before build 599 - Acronis Backup plugin for DirectAdmin (Linux) before build 181 Impact Scope Affected Versions: - Acronis Backup plugin for cPanel & WHM version 1.8.3 - Acronis Backup extension for Plesk version 1.8.6 - Acronis Backup plugin for DirectAdmin version 1.2.2 CVSS Score Score: 5.5 (Medium) Score Details: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CWE ID CWE ID: CWE-61 Authors Authors: Milos Colakovic, Nikola Nikolic Additional Information Release Date: 4 hours ago Update Date: - Acronis Backup plugin for cPanel & WHM version 1.8.3 - Acronis Backup extension for Plesk version 1.8.6 - Acronis Backup plugin for DirectAdmin version 1.2.2 Subscription Link: Subscribe to our Atom feed Contact Information: Contact us, Report a vulnerability

Goal Reached Thanks to every supporter — we hit 100%!

Acronis Backup Plugins Arbitrary File Overwrite via Improper Soft Link Handling (CVE-2024-34014)