CVE-2023-44208: 
Acronis Cyber Protect Home Office vulnerability analysis and mitigation

A sensitive information disclosure and manipulation vulnerability due to missing authorization was discovered in Acronis Cyber Protect Home Office (Windows) versions before build 40713. The vulnerability was assigned CVE-2023-44208 and was disclosed on October 4, 2023. The issue received a CVSS v3.1 base score of 9.1 (Critical) from NIST and 7.8 (High) from Acronis International GmbH (NVD Details).

The vulnerability is classified as CWE-862 (Missing Authorization) and allows unauthorized access to sensitive information and system manipulation. The CVSS vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N indicates that the vulnerability can be exploited remotely with low attack complexity, requires no privileges or user interaction, and can result in high impacts to both confidentiality and integrity, though availability is not affected (NVD Details).

The vulnerability has high severity impacts on both confidentiality and integrity of the system. An attacker can potentially access and manipulate sensitive information due to the missing authorization controls (NVD Details).

Users should upgrade Acronis Cyber Protect Home Office (Windows) to build 40713 or later to address this vulnerability (Vendor Advisory).