In an advisory published on September 16, 2024, data protection vendor Acronis disclosed a critical vulnerability affecting its widely used backup plugins for server management platforms, including cPanel, Plesk, and DirectAdmin. Tracked as CVE-2024-8767, the flaw carries a CVSS severity score of 9.9, classifying it as Critical. It poses a significant risk to users, particularly those who have not yet patched their systems.
CVE-2024-8767 affects the Linux-based Acronis Backup plugins used with platforms like cPanel & WHM, Plesk, and DirectAdmin—popular solutions for server management and automated website backups. These platforms are commonly employed by system administrators and hosting providers to manage and safeguard web servers.
The vulnerability stems from misconfigured permission settings within the backup plugins. If exploited, it could result in the leakage of sensitive information and enable unauthorized operations on affected servers. In practice, an attacker who gains such access could manipulate data, extract sensitive information, or carry out malicious operations on websites or systems that rely on these plugins.
These platforms are critical for website and server management, making the impact of this vulnerability severe, especially for organizations relying on these systems for automated data protection and backup solutions.
Although Acronis released patches for CVE-2024-8767 over a year ago, many systems may still remain unprotected. Acronis rolled out these patches in:
Despite these patches, the latest advisory from Acronis highlights concerns that many organizations have not yet applied the necessary updates, leaving their systems vulnerable to attack. Given the high CVSS score of 9.9, unpatched installations could become prime targets for cybercriminals seeking to exploit this severe vulnerability.
This isn’t the first critical vulnerability addressed by Acronis this year. In July 2024, Acronis issued an alert concerning a flaw in its Cyber Infrastructure product, tracked as CVE-2023-45249. This vulnerability allowed attackers to bypass authentication by exploiting default credentials, leading to remote code execution on unpatched servers. Acronis confirmed active exploitation of this flaw and urged administrators to immediately patch their systems.
That both CVE-2024-8767 and CVE-2023-45249 affect key Acronis products demonstrates the persistent risk posed by unpatched vulnerabilities in widely used infrastructure. With attackers continually looking to exploit known weaknesses, timely patching is crucial for maintaining security.
Given the critical nature of CVE-2024-8767, Acronis is urging all users of cPanel, Plesk, and DirectAdmin backup plugins to ensure they are running the latest patched versions. The company also recommends reviewing server configurations to ensure permission settings are correctly applied, minimizing the risk of exploitation.
System administrators should take the following actions:
The disclosure of CVE-2024-8767 by Acronis highlights the significant risks posed by unpatched vulnerabilities in critical infrastructure. With a CVSS score of 9.9, this flaw has the potential to cause serious harm to organizations using cPanel, Plesk, and DirectAdmin. System administrators must act quickly to patch affected systems and safeguard their environments from exploitation. As demonstrated by both CVE-2024-8767 and CVE-2023-45249, failing to address these vulnerabilities can lead to devastating breaches, underscoring the importance of proactive security measures.