CVE-2024-49383

CVSS 3.5 LOW | EPSS 0.2% | CWE-1327

In short

The acep-importer service listens on all network interfaces instead of just localhost, allowing anyone on the network to potentially access it. This unnecessarily exposes the service to attacks that could otherwise be prevented by limiting who can connect.

Technical detail

The acep-importer service binds to an unrestricted IP address (0.0.0.0), expanding the attack surface by exposing the service to unauthenticated network access. This configuration increases the potential for network-based exploitation and abuse, particularly in multi-tenant or untrusted network environments. Mitigation requires binding to restricted IP addresses or implementing network segmentation controls.

Summary generated and translated by AI from the official description.
Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
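
An added example (not Acronis code and not part of the original advisory) of the check the technical detail above implies: listing listeners bound to a wildcard address instead of loopback or a specific interface. The `ss -H -ltnp` sample is constructed; the ports, PIDs and the assumption that the service appears under the process name `acep-importer` are illustrative.

```python
import ipaddress
import re

# Constructed sample of `ss -H -ltnp` output (Linux). Ports, PIDs and the
# process name "acep-importer" as ss would report it are assumptions.
SAMPLE_SS = """\
LISTEN 0 4096 0.0.0.0:40001 0.0.0.0:* users:(("acep-importer",pid=2112,fd=7))
LISTEN 0 4096 127.0.0.1:40002 0.0.0.0:* users:(("acep-importer",pid=2112,fd=8))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=801,fd=4))
LISTEN 0 511 *:8080 *:* users:(("node",pid=1500,fd=20))
LISTEN 0 128 192.0.2.10:5432 0.0.0.0:* users:(("postgres",pid=950,fd=5))
LISTEN 0 4096 [::1]:6379 [::]:* users:(("redis-server",pid=990,fd=6))
"""

PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')

def bind_scope(local):
    """Classify an ss local address as 'wildcard', 'loopback' or 'specific'."""
    host, _, _port = local.rpartition(":")
    host = host.split("%")[0].strip("[]")    # drop %iface scope and brackets
    if host == "*":                          # ss notation for a dual-stack wildcard
        return "wildcard"
    addr = ipaddress.ip_address(host)
    if addr.is_unspecified:                  # 0.0.0.0 or ::
        return "wildcard"
    return "loopback" if addr.is_loopback else "specific"

def audit_listeners(ss_output, process=None):
    """Return (process, pid, local_address) for each wildcard-bound listener."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        m = PROC_RE.search(line)             # absent when ss runs without privileges
        name, pid = (m.group(1), int(m.group(2))) if m else ("?", None)
        if process and name != process:
            continue
        if bind_scope(fields[3]) == "wildcard":
            findings.append((name, pid, fields[3]))
    return findings

if __name__ == "__main__":
    for name, pid, local in audit_listeners(SAMPLE_SS, process="acep-importer"):
        print(f"{name} (pid {pid}) listens on {local}: reachable on every interface")
```

On a real host, feed the function the output of `ss -H -ltnp` run as root so the process column is populated for every socket.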
