Vulnerabilites related to Acronis - Acronis True Image 2021
cve-2021-44204
Vulnerability from cvelistv5
Published
2022-02-04 22:29
Modified
2024-09-17 01:12
Severity ?
EPSS score ?
Summary
Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-2355 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect 15 |
Version: unspecified < 28035 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:17:24.863Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-2355"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Acronis Cyber Protect 15",
"vendor": "Acronis",
"versions": [
{
"lessThan": "28035",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "Acronis Agent",
"vendor": "Acronis",
"versions": [
{
"lessThan": "27147",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "Acronis Cyber Protect Home Office",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39612",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "Acronis True Image 2021",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39287",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "@xnand (https://hackerone.com/xnand)"
}
],
"datePublic": "2022-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:29:33",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-2355"
}
],
"source": {
"advisory": "SEC-2355",
"defect": [
"SEC-2355"
],
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation via named pipe due to improper access control checks",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@acronis.com",
"DATE_PUBLIC": "2022-02-02T00:00:00.000Z",
"ID": "CVE-2021-44204",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation via named pipe due to improper access control checks"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acronis Cyber Protect 15",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "28035"
}
]
}
},
{
"product_name": "Acronis Agent",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "27147"
}
]
}
},
{
"product_name": "Acronis Cyber Protect Home Office",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "39612"
}
]
}
},
{
"product_name": "Acronis True Image 2021",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "39287"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "@xnand (https://hackerone.com/xnand)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-advisory.acronis.com/advisories/SEC-2355",
"refsource": "MISC",
"url": "https://security-advisory.acronis.com/advisories/SEC-2355"
}
]
},
"source": {
"advisory": "SEC-2355",
"defect": [
"SEC-2355"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2021-44204",
"datePublished": "2022-02-04T22:29:33.071413Z",
"dateReserved": "2021-11-24T00:00:00",
"dateUpdated": "2024-09-17T01:12:21.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-44205
Vulnerability from cvelistv5
Published
2022-02-04 22:29
Modified
2024-09-17 01:36
Severity ?
EPSS score ?
Summary
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-3059 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect Home Office |
Version: unspecified < 39612 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:17:24.843Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Acronis Cyber Protect Home Office",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39612",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "Acronis True Image 2021",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39287",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "@xdanes09 (https://hackerone.com/xdanes09)"
}
],
"datePublic": "2022-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:29:31",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3059"
}
],
"source": {
"advisory": "SEC-3059",
"defect": [
"SEC-3059"
],
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation due to DLL hijacking vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@acronis.com",
"DATE_PUBLIC": "2022-02-02T00:00:00.000Z",
"ID": "CVE-2021-44205",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation due to DLL hijacking vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acronis Cyber Protect Home Office",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "39612"
}
]
}
},
{
"product_name": "Acronis True Image 2021",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "39287"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "@xdanes09 (https://hackerone.com/xdanes09)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-advisory.acronis.com/advisories/SEC-3059",
"refsource": "MISC",
"url": "https://security-advisory.acronis.com/advisories/SEC-3059"
}
]
},
"source": {
"advisory": "SEC-3059",
"defect": [
"SEC-3059"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2021-44205",
"datePublished": "2022-02-04T22:29:31.627056Z",
"dateReserved": "2021-11-24T00:00:00",
"dateUpdated": "2024-09-17T01:36:39.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-24115
Vulnerability from cvelistv5
Published
2022-02-04 22:29
Modified
2024-09-16 16:52
Severity ?
EPSS score ?
Summary
Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-3359 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect Home Office |
Version: unspecified < 39605 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3359"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"macOS"
],
"product": "Acronis Cyber Protect Home Office",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39605",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"macOS"
],
"product": "Acronis True Image 2021",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39287",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "@vkas-afk (https://hackerone.com/vkas-afk)"
}
],
"datePublic": "2022-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:29:30",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3359"
}
],
"source": {
"advisory": "SEC-3359",
"defect": [
"SEC-3359"
],
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation due to unrestricted loading of unsigned libraries",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@acronis.com",
"DATE_PUBLIC": "2022-02-02T00:00:00.000Z",
"ID": "CVE-2022-24115",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation due to unrestricted loading of unsigned libraries"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acronis Cyber Protect Home Office",
"version": {
"version_data": [
{
"platform": "macOS",
"version_affected": "\u003c",
"version_value": "39605"
}
]
}
},
{
"product_name": "Acronis True Image 2021",
"version": {
"version_data": [
{
"platform": "macOS",
"version_affected": "\u003c",
"version_value": "39287"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "@vkas-afk (https://hackerone.com/vkas-afk)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-advisory.acronis.com/advisories/SEC-3359",
"refsource": "MISC",
"url": "https://security-advisory.acronis.com/advisories/SEC-3359"
}
]
},
"source": {
"advisory": "SEC-3359",
"defect": [
"SEC-3359"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2022-24115",
"datePublished": "2022-02-04T22:29:30.925782Z",
"dateReserved": "2022-01-28T00:00:00",
"dateUpdated": "2024-09-16T16:52:37.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-44206
Vulnerability from cvelistv5
Published
2022-02-04 22:29
Modified
2024-09-16 22:45
Severity ?
EPSS score ?
Summary
Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-3058 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect Home Office |
Version: unspecified < 39612 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:17:24.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3058"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Acronis Cyber Protect Home Office",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39612",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "Acronis True Image 2021",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39287",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "@xdanes09 (https://hackerone.com/xdanes09)"
}
],
"datePublic": "2022-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:29:33",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3058"
}
],
"source": {
"advisory": "SEC-3058",
"defect": [
"SEC-3058"
],
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@acronis.com",
"DATE_PUBLIC": "2022-02-02T00:00:00.000Z",
"ID": "CVE-2021-44206",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acronis Cyber Protect Home Office",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "39612"
}
]
}
},
{
"product_name": "Acronis True Image 2021",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "39287"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "@xdanes09 (https://hackerone.com/xdanes09)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-advisory.acronis.com/advisories/SEC-3058",
"refsource": "MISC",
"url": "https://security-advisory.acronis.com/advisories/SEC-3058"
}
]
},
"source": {
"advisory": "SEC-3058",
"defect": [
"SEC-3058"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2021-44206",
"datePublished": "2022-02-04T22:29:33.897481Z",
"dateReserved": "2021-11-24T00:00:00",
"dateUpdated": "2024-09-16T22:45:14.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-24114
Vulnerability from cvelistv5
Published
2022-02-04 22:29
Modified
2024-09-17 03:07
Severity ?
EPSS score ?
Summary
Local privilege escalation due to race condition on application startup. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-3316 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect Home Office |
Version: unspecified < 39605 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3316"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"macOS"
],
"product": "Acronis Cyber Protect Home Office",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39605",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"macOS"
],
"product": "Acronis True Image 2021",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39287",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "@vkas-afk (https://hackerone.com/vkas-afk)"
}
],
"datePublic": "2022-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to race condition on application startup. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:29:32",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3316"
}
],
"source": {
"advisory": "SEC-3316",
"defect": [
"SEC-3316"
],
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation due to race condition on application startup",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@acronis.com",
"DATE_PUBLIC": "2022-02-02T00:00:00.000Z",
"ID": "CVE-2022-24114",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation due to race condition on application startup"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acronis Cyber Protect Home Office",
"version": {
"version_data": [
{
"platform": "macOS",
"version_affected": "\u003c",
"version_value": "39605"
}
]
}
},
{
"product_name": "Acronis True Image 2021",
"version": {
"version_data": [
{
"platform": "macOS",
"version_affected": "\u003c",
"version_value": "39287"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "@vkas-afk (https://hackerone.com/vkas-afk)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation due to race condition on application startup. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-advisory.acronis.com/advisories/SEC-3316",
"refsource": "MISC",
"url": "https://security-advisory.acronis.com/advisories/SEC-3316"
}
]
},
"source": {
"advisory": "SEC-3316",
"defect": [
"SEC-3316"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2022-24114",
"datePublished": "2022-02-04T22:29:32.323632Z",
"dateReserved": "2022-01-28T00:00:00",
"dateUpdated": "2024-09-17T03:07:25.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-24113
Vulnerability from cvelistv5
Published
2022-02-04 22:29
Modified
2024-09-16 19:57
Severity ?
EPSS score ?
Summary
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-2881 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect 15 |
Version: unspecified < 28035 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-2881"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Acronis Cyber Protect 15",
"vendor": "Acronis",
"versions": [
{
"lessThan": "28035",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "Acronis Agent",
"vendor": "Acronis",
"versions": [
{
"lessThan": "27147",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "Acronis Cyber Protect Home Office",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39612",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "Acronis True Image 2021",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39287",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "@penrose (https://hackerone.com/penrose)"
}
],
"datePublic": "2022-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:29:30",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-2881"
}
],
"source": {
"advisory": "SEC-2881",
"defect": [
"SEC-2881"
],
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation due to excessive permissions assigned to child processes",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@acronis.com",
"DATE_PUBLIC": "2022-02-02T00:00:00.000Z",
"ID": "CVE-2022-24113",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation due to excessive permissions assigned to child processes"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acronis Cyber Protect 15",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "28035"
}
]
}
},
{
"product_name": "Acronis Agent",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "27147"
}
]
}
},
{
"product_name": "Acronis Cyber Protect Home Office",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "39612"
}
]
}
},
{
"product_name": "Acronis True Image 2021",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "39287"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "@penrose (https://hackerone.com/penrose)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-advisory.acronis.com/advisories/SEC-2881",
"refsource": "MISC",
"url": "https://security-advisory.acronis.com/advisories/SEC-2881"
}
]
},
"source": {
"advisory": "SEC-2881",
"defect": [
"SEC-2881"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2022-24113",
"datePublished": "2022-02-04T22:29:30.215128Z",
"dateReserved": "2022-01-28T00:00:00",
"dateUpdated": "2024-09-16T19:57:01.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}