CVE-2022-45453 : TLS/SSL weak cipher suites enabled. The following products are affected: Acronis

TLS/SSL weak cipher suites enabled. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984.

Published 2023-05-18 10:15:10

Updated 2023-05-26 17:07:58

View at NVD, CVE.org

Products affected by CVE-2022-45453

Acronis » Cyber Protect
Versions before (<) 15
cpe:2.3:a:acronis:cyber_protect:*:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Acronis » Cyber Protect » Version: 15
cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Acronis » Cyber Protect » Version: 15 Update Update1
cpe:2.3:a:acronis:cyber_protect:15:update1:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Acronis » Cyber Protect » Version: 15 Update Update2
cpe:2.3:a:acronis:cyber_protect:15:update2:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Acronis » Cyber Protect » Version: 15 Update Update3
cpe:2.3:a:acronis:cyber_protect:15:update3:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Acronis » Cyber Protect » Version: 15 Update Update4
cpe:2.3:a:acronis:cyber_protect:15:update4:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A

EPSS FAQ

0.08%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 21 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.3	MEDIUM	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N	1.6	3.6	Acronis International GmbH
Attack Vector: Adjacent Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE-310

Assigned by: security@acronis.com (Secondary)
CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

Assigned by: nvd@nist.gov (Primary)

Jump to