A critical missing authorization flaw in Acronis Cyber Protect allows attackers to manipulate or disclose sensitive data without any permission checks.

This vulnerability is characterized by missing authorization checks. Unlike improper authentication, this flaw suggests that even if a user is identified, the system fails to verify if they have the rights to perform specific sensitive actions, allowing for unauthorized data manipulation and disclosure.

With a CVSS score of 10.0, the business impact is severe. An attacker can bypass the entire authorization framework of the backup solution to delete, modify, or steal data. This renders the software's security controls ineffective and places the organization's entire data recovery strategy at risk of total failure during a crisis.

Immediate Action: Immediately upgrade to Acronis Cyber Protect 16 build 39938 or Acronis Cyber Protect 15 build 41800.

Proactive Monitoring: Review all logs for "Access Denied" errors that may have been bypassed or unusual patterns of file access and modification within the Acronis environment.

Compensating Controls: Use file integrity monitoring (FIM) on backup storage volumes to detect unauthorized modifications to archive files at the OS level.

Public Exploit Available: No

The absence of authorization checks in a security-centric product like Acronis Cyber Protect is a critical vulnerability. Organizations must treat this as a high-priority threat and apply the vendor-provided builds immediately. Security teams should also verify that no unauthorized accounts were created or permissions modified prior to patching.