Acronis Backup Plugins Hit by CVE-2024-8767: Critical Vulnerability with CVSS 9.9 Severity

In a recent advisory published on September 16, 2024, data protection giant Acronis disclosed a critical vulnerability affecting its widely-used backup plugins for server management platforms, including cPanel, Plesk, and DirectAdmin. Identified as CVE-2024-8767, this flaw has a CVSS severity score of 9.9, classifying it as Critical. The vulnerability poses a significant risk to users, particularly those who have not yet patched their systems.

The Vulnerability: CVE-2024-8767

CVE-2024-8767 affects the Linux-based Acronis Backup plugins used with platforms like cPanel & WHM, Plesk, and DirectAdmin—popular solutions for server management and automated website backups. These platforms are commonly employed by system administrators and hosting providers to manage and safeguard web servers.

The vulnerability stems from misconfigured permission settings within the backup plugins. If exploited, it allows an attacker to read sensitive information and to perform operations the plugin should not permit on the affected server: extracting or manipulating backed-up data and carrying out further malicious operations on the websites or systems the plugin protects.

Who Uses These Plugins?

  • cPanel & WHM: A widely-used web hosting control panel, primarily by hosting providers and administrators managing Linux-based servers.
  • Plesk: Another leading control panel for web hosting and server management, used by website owners, resellers, and service providers.
  • DirectAdmin: A lighter-weight control panel favored for low-resource hosting environments, used by small-to-medium-sized businesses and hosting companies.

These platforms are critical for website and server management, making the impact of this vulnerability severe, especially for organizations relying on these systems for automated data protection and backup solutions.

Patch History and Ongoing Concerns

Although Acronis released patches for CVE-2024-8767 more than a year before the advisory, many systems may still remain unprotected. Note that the fixed versions below are versions of the Acronis Backup plugin for each control panel, not versions of the control panel itself. Acronis shipped the fixes in:

  • Acronis Backup plugin for DirectAdmin version 1.2.0 (May 2023)
  • Acronis Backup plugin for cPanel & WHM version 1.8.0 (June 2023)
  • Acronis Backup plugin for Plesk version 1.8.0 (June 2023)

Even so, the September 2024 advisory notes that many organizations have not applied these updates, leaving their systems exposed. Given the CVSS score of 9.9, unpatched installations are prime targets for attackers looking to exploit a publicly documented flaw.

Related Vulnerability: CVE-2023-45249 in Acronis Cyber Infrastructure

This isn't the first critical vulnerability addressed by Acronis this year. In July 2024, Acronis issued an alert concerning a flaw in its Cyber Infrastructure product, tracked as CVE-2023-45249. The flaw allowed remote command execution on unpatched servers because the product shipped with default passwords that attackers could use to authenticate. Acronis confirmed active exploitation of this flaw and urged administrators to patch immediately.

The fact that both CVE-2024-8767 and CVE-2023-45249 affect key Acronis products demonstrates the persistent risk posed by unpatched vulnerabilities in widely-used infrastructure. With attackers continually looking to exploit known weaknesses, timely patching is crucial for maintaining security.

Recommendations and Next Steps

Given the critical nature of CVE-2024-8767, Acronis is urging all users of cPanel, Plesk, and DirectAdmin backup plugins to ensure they are running the latest patched versions. The company also recommends reviewing server configurations to ensure permission settings are correctly applied, minimizing the risk of exploitation.

System administrators should take the following actions:

  1. Update to the latest plugin versions: Ensure that the Acronis Backup plugin for DirectAdmin is at version 1.2.0 or later, and that the plugins for cPanel & WHM and for Plesk are at version 1.8.0 or later. Updating the control panel itself does not fix CVE-2024-8767; the plugin must be updated.
  2. Audit server permissions: Review the permissions on the backup plugin's files, configuration and stored backups so that they are not readable or writable by other local users or hosting tenants, and confirm the server's access controls prevent unauthorized operations.
  3. Monitor for suspicious activity: Regularly monitor server logs and traffic for signs of unauthorized access or attempts to exploit this vulnerability.
  4. Apply patches regularly: Ensure that all systems, including backup infrastructure, are regularly patched and up-to-date to mitigate against known vulnerabilities.
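The following script is an added example, not part of the Acronis advisory or of Acronis's tooling. It turns the first two steps above into a check that can be run on a Linux hosting server: it compares an installed plugin version against the fixed versions listed in this article, and it lists files under a directory that are readable or writable by "other" users. The plugin install directory and the way you obtain the installed version are passed as arguments because the article does not specify them; the version strings and directory used in the usage line are assumptions.

```shell
#!/bin/sh
# Added example (not Acronis code): version check and permission audit for the
# Acronis Backup plugins affected by CVE-2024-8767.
#
# Usage: ./check_acronis_plugin.sh PANEL INSTALLED_VERSION [PLUGIN_DIR]
#   PANEL is one of: directadmin, cpanel, plesk
#   INSTALLED_VERSION is the plugin version you read from the panel (assumption:
#   you know how to obtain it; the article does not say).
#   PLUGIN_DIR is the plugin's install directory (assumption; not given in the article).

# Minimum fixed plugin version per control panel, as listed in the article.
fixed_version() {
    case "$1" in
        directadmin)  echo "1.2.0" ;;
        cpanel|plesk) echo "1.8.0" ;;
        *)            return 1 ;;
    esac
}

# version_ge A B : succeeds when dotted version A is >= version B.
# Non-numeric suffixes such as "-456" are ignored; missing components count as 0.
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=${a%%.*}; bi=${b%%.*}
        case "$a" in *.*) a=${a#*.} ;; *) a="" ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b="" ;; esac
        ai=${ai%%[!0-9]*}; bi=${bi%%[!0-9]*}
        : "${ai:=0}" "${bi:=0}"
        if [ "$ai" -gt "$bi" ]; then return 0; fi
        if [ "$ai" -lt "$bi" ]; then return 1; fi
    done
    return 0
}

# is_patched PANEL VERSION : succeeds when VERSION is at or above the fixed version.
is_patched() {
    min=$(fixed_version "$1") || { echo "unknown panel: $1" >&2; return 2; }
    version_ge "$2" "$min"
}

# audit_perms DIR : print regular files under DIR that are readable (o+r) or
# writable (o+w) by users outside the owner and group. Backup data and plugin
# configuration should not normally carry either bit.
audit_perms() {
    dir="$1"
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    find "$dir" -type f \( -perm -004 -o -perm -002 \) -print
}

# Stand-alone usage; skipped when the functions are sourced without arguments.
if [ $# -ge 2 ]; then
    if is_patched "$1" "$2"; then
        echo "$1 plugin $2: at or above the fixed version for CVE-2024-8767"
    else
        echo "$1 plugin $2: VULNERABLE, update to $(fixed_version "$1") or later"
    fi
    if [ -n "$3" ]; then
        echo "files under $3 readable or writable by other users:"
        audit_perms "$3"
    fi
fi
```

Run it as, for example, `./check_acronis_plugin.sh cpanel 1.7.2 /path/to/plugin` (the path is a placeholder): the version line tells you whether the plugin needs updating, and any file the audit prints is a candidate for tightening with `chmod o-rw`. The permission check is deliberately generic, since the advisory summarized here does not name the specific files involved.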

The disclosure of CVE-2024-8767 by Acronis highlights the significant risks posed by unpatched vulnerabilities in critical infrastructure. With a CVSS score of 9.9, this flaw has the potential to cause serious harm to organizations using cPanel, Plesk, and DirectAdmin. System administrators must act quickly to patch affected systems and safeguard their environments from exploitation. As demonstrated by both CVE-2024-8767 and CVE-2023-45249, failing to address these vulnerabilities can lead to devastating breaches, underscoring the importance of proactive security measures.

Copyright CommandLink. All rights reserved.