CVE-2024-34014
UNIX Symbolic Link (Symlink) Following (CWE-61)
Summary
Arbitrary file overwrite during recovery due to improper soft link handling. The vulnerability affects the following products: Acronis Backup plugin for cPanel & WHM (Linux) before build 818, Acronis Backup extension for Plesk (Linux) before build 599, Acronis Backup plugin for DirectAdmin (Linux) before build 181.
Impact
This vulnerability could allow an attacker to overwrite arbitrary files during the recovery process. By exploiting the improper handling of soft links, an attacker might be able to manipulate the system to overwrite critical files, potentially leading to system compromise, data loss, or unauthorized access to sensitive information.
Exploitation
There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.
Patch
Patches are available. Users should update to the following versions: - Acronis Backup plugin for cPanel & WHM (Linux): build 818 or later - Acronis Backup extension for Plesk (Linux): build 599 or later - Acronis Backup plugin for DirectAdmin (Linux): build 181 or later
Mitigation
1. Update affected Acronis Backup plugins and extensions to the latest versions as specified in the patch information. 2. If immediate updating is not possible, consider temporarily disabling or restricting access to the affected Acronis Backup components until patching can be completed. 3. Monitor system logs for any suspicious file operations, especially during recovery processes. 4. Implement the principle of least privilege for all user accounts and processes interacting with the affected software. 5. Regularly audit and validate the integrity of critical system files.
Timeline
NVD published the first details for CVE-2024-34014
Feedly found the first article mentioning CVE-2024-34014. See article
Feedly estimated the CVSS score as HIGH
Feedly estimated the CVSS score as MEDIUM
Feedly estimated the CVSS score as HIGH
EPSS Score was set to: 0.04% (Percentile: 10.1%)