CVE-2024-49382: 
Acronis Cyber Protect vulnerability analysis and mitigation

Excessive attack surface vulnerability (CVE-2024-49382) was discovered in the archive-server service of Acronis Cyber Protect 16 (Linux, Windows) before build 38690. The vulnerability is due to binding to an unrestricted IP address, which was disclosed on October 15, 2024 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. The weakness has been categorized as CWE-1327 (Binding to an Unrestricted IP Address). The vulnerability affects Acronis Cyber Protect 16 installations on both Linux and Windows platforms (NVD).

The vulnerability results in an excessive attack surface in the archive-server service, potentially exposing sensitive information to unauthorized access. The CVSS scoring indicates that while the vulnerability can be exploited with low complexity and requires no privileges or user interaction, it only affects confidentiality with low severity (NVD).

Users should upgrade to Acronis Cyber Protect 16 build 38690 or later to address this vulnerability. The fix prevents the archive-server service from binding to unrestricted IP addresses (NVD, Vendor Advisory).