Vulnerabilites related to acronis - true_image
Vulnerability from fkie_nvd
Published
2022-02-04 23:15
Modified
2024-11-21 06:49
Severity ?
Summary
Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | cyber_protect_home_office | - | |
| apple | macos | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:-:*:*:*:macos:*:*",
"matchCriteriaId": "F68614CB-28F2-4BDB-AED4-109F78838AF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_1:*:*:*:macos:*:*",
"matchCriteriaId": "54625222-9064-4111-AE35-A1691580DE55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_2:*:*:*:macos:*:*",
"matchCriteriaId": "4BF0A2D9-7DE2-4401-B501-78130DE6B458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_3:*:*:*:macos:*:*",
"matchCriteriaId": "DB19EFC5-2997-4D52-BB5A-2D42B880C621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_4:*:*:*:macos:*:*",
"matchCriteriaId": "1A9A87BC-5406-4534-9BB0-2FCDA0218FD6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:cyber_protect_home_office:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8418AF63-E280-4CE2-8E5C-DCD00ABE6557",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287"
},
{
"lang": "es",
"value": "Una escalada de privilegios local debido a una carga sin restricciones de bibliotecas sin firmar. Los siguientes productos est\u00e1n afectados: Acronis Cyber Protect Home Office (macOS) versiones anteriores a la compilaci\u00f3n 39605, Acronis True Image 2021 (macOS) versiones anteriores a la compilaci\u00f3n 39287"
}
],
"id": "CVE-2022-24115",
"lastModified": "2024-11-21T06:49:50.163",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-04T23:15:16.087",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3359"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3359"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "security@acronis.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-21 14:15
Modified
2024-11-21 04:54
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis True Image contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | https://www.kb.cert.org/vuls/id/114757 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/114757 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | true_image | 2021 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:*:*:*:*:*:*:*",
"matchCriteriaId": "CBD8DD1F-FE8D-4733-AB2D-CD89361F8210",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\\jenkins_agent\\. Acronis True Image contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges."
},
{
"lang": "es",
"value": "Acronis True Image 2021 incluye un componente OpenSSL que especifica una variable OPENSSLDIR como un subdirectorio dentro de C:\\jenkins_agent\\.\u0026#xa0;Acronis True Image contiene un servicio privilegiado que usa este componente de OpenSSL.\u0026#xa0;Debido a que los usuarios de Windows no privilegiados pueden crear subdirectorios fuera del root del sistema, un usuario puede crear la ruta apropiada a un archivo openssl.cnf especialmente dise\u00f1ado para lograr una ejecuci\u00f3n de c\u00f3digo arbitraria con privilegios SYSTEM"
}
],
"id": "CVE-2020-10139",
"lastModified": "2024-11-21T04:54:53.873",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "cret@cert.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-21T14:15:15.187",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/114757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/114757"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "cret@cert.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-665"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-21 14:15
Modified
2024-11-21 04:54
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory. Because some privileged processes are executed from the C:\ProgramData\Acronis, an unprivileged user can achieve arbitrary code execution with SYSTEM privileges by placing a DLL in one of several paths within C:\ProgramData\Acronis.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | https://www.kb.cert.org/vuls/id/114757 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/114757 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | true_image | 2021 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:*:*:*:*:*:*:*",
"matchCriteriaId": "CBD8DD1F-FE8D-4733-AB2D-CD89361F8210",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image 2021 fails to properly set ACLs of the C:\\ProgramData\\Acronis directory. Because some privileged processes are executed from the C:\\ProgramData\\Acronis, an unprivileged user can achieve arbitrary code execution with SYSTEM privileges by placing a DLL in one of several paths within C:\\ProgramData\\Acronis."
},
{
"lang": "es",
"value": "Acronis True Image 2021 no configura correctamente las ACL del directorio C:\\ProgramData\\Acronis.\u0026#xa0;Debido a que algunos procesos privilegiados se ejecutan desde C:\\ProgramData\\Acronis, un usuario sin privilegios puede lograr la ejecuci\u00f3n de c\u00f3digo arbitrario con privilegios SYSTEM colocando una DLL en una de varias rutas dentro de C:\\ProgramData\\Acronis"
}
],
"id": "CVE-2020-10140",
"lastModified": "2024-11-21T04:54:53.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "cret@cert.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-21T14:15:15.247",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/114757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/114757"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "cret@cert.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-05 20:15
Modified
2024-11-21 06:07
Severity ?
Summary
Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 2 of 2).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://kb.acronis.com/content/68419 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.acronis.com/content/68419 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:-:*:*:*:windows:*:*",
"matchCriteriaId": "F7B99318-3AA5-428D-B0D7-106128BDCE78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_1:*:*:*:windows:*:*",
"matchCriteriaId": "B1CFEB0F-588B-4B88-9169-4ADB6396C1C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_2:*:*:*:windows:*:*",
"matchCriteriaId": "54BE6067-0357-4C68-AA06-CB5EEA3DD86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_3:*:*:*:windows:*:*",
"matchCriteriaId": "02D1EBBC-47EE-4C46-AA69-DD0B7DE1B173",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 2 of 2)."
},
{
"lang": "es",
"value": "Acronis True Image anterior a versi\u00f3n 2021 Update 4 para Windows permit\u00eda la escalada de privilegios local debido a la administraci\u00f3n inapropiada de enlaces blandos (problema 2 de 2)"
}
],
"id": "CVE-2021-32578",
"lastModified": "2024-11-21T06:07:18.677",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-05T20:15:08.980",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68419"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68419"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-610"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-03-10 23:44
Modified
2024-11-21 00:44
Severity ?
Summary
Acronis True Image Windows Agent 1.0.0.54 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a malformed packet to port 9876, which triggers a NULL pointer dereference.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | true_image | * | |
| acronis | true_image_windows_agent | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:true_image:*:*:*:*:*:*:*:*",
"matchCriteriaId": "583DBEEA-1CCE-4CDF-B1F9-06FD696E2AB1",
"versionEndIncluding": "9.5.0.8072",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image_windows_agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F11427B3-83A0-4C7C-92DB-37E9F7605793",
"versionEndIncluding": "1.0.0.54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image Windows Agent 1.0.0.54 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a malformed packet to port 9876, which triggers a NULL pointer dereference."
},
{
"lang": "es",
"value": "Acronis True Image Windows Agent 1.0.0.54 y anteriores, inclu\u00eddos en Acronis True Image Enterprise Server 9.5.0.8072 y los otros paquetes True Image, permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un paquete mal formado hacia el puerto 8976 que dispara una referencia a un puntero NULL."
}
],
"id": "CVE-2008-1280",
"lastModified": "2024-11-21T00:44:09.510",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-03-10T23:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://aluigi.altervista.org/adv/acroagent-adv.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29306"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/489362/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28169"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0812/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://aluigi.altervista.org/adv/acroagent-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29306"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/489362/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28169"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0812/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41070"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-04 23:15
Modified
2024-11-21 06:30
Severity ?
Summary
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | cyber_protect_home_office | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:-:*:*:*:windows:*:*",
"matchCriteriaId": "F7B99318-3AA5-428D-B0D7-106128BDCE78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_1:*:*:*:windows:*:*",
"matchCriteriaId": "B1CFEB0F-588B-4B88-9169-4ADB6396C1C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_2:*:*:*:windows:*:*",
"matchCriteriaId": "54BE6067-0357-4C68-AA06-CB5EEA3DD86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_3:*:*:*:windows:*:*",
"matchCriteriaId": "02D1EBBC-47EE-4C46-AA69-DD0B7DE1B173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_4:*:*:*:windows:*:*",
"matchCriteriaId": "0CF1A7BF-9B93-4D7C-BCD8-30DEF789B46B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:cyber_protect_home_office:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8418AF63-E280-4CE2-8E5C-DCD00ABE6557",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
},
{
"lang": "es",
"value": "Una escalada de privilegios local debido a una vulnerabilidad de secuestro de DLL. Los siguientes productos est\u00e1n afectados: Acronis Cyber Protect Home Office (Windows) versiones anteriores a la versi\u00f3n 39612, Acronis True Image 2021 (Windows) versiones anteriores a la versi\u00f3n 39287"
}
],
"id": "CVE-2021-44205",
"lastModified": "2024-11-21T06:30:34.457",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-04T23:15:12.057",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3059"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3059"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "security@acronis.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-04 23:15
Modified
2024-11-21 06:30
Severity ?
Summary
Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | agent | * | |
| acronis | cyber_protect | 15 | |
| acronis | cyber_protect | 15 | |
| acronis | cyber_protect | 15 | |
| acronis | cyber_protect_home_office | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:*:*:*:*:-:*:*",
"matchCriteriaId": "7DC81A5D-044A-44EF-8695-748A63778291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_1:*:*:*:windows:*:*",
"matchCriteriaId": "B1CFEB0F-588B-4B88-9169-4ADB6396C1C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_2:*:*:*:windows:*:*",
"matchCriteriaId": "54BE6067-0357-4C68-AA06-CB5EEA3DD86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_3:*:*:*:windows:*:*",
"matchCriteriaId": "02D1EBBC-47EE-4C46-AA69-DD0B7DE1B173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_4:*:*:*:windows:*:*",
"matchCriteriaId": "0CF1A7BF-9B93-4D7C-BCD8-30DEF789B46B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_5:*:*:*:windows:*:*",
"matchCriteriaId": "B55B6ED7-C602-4C7B-88C5-B0499D61EB1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85D71339-7F19-41DC-B6D2-BF776F472EE1",
"versionEndExcluding": "c21.06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*",
"matchCriteriaId": "89899D10-1343-4276-919A-9C1DF2DB8B55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update1:*:*:*:*:*:*",
"matchCriteriaId": "A77B2499-B3A4-4278-BA0D-59AB59C60352",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update2:*:*:*:*:*:*",
"matchCriteriaId": "BAF6A576-C320-4550-B7F8-4FCAE82FB06A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_protect_home_office:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8418AF63-E280-4CE2-8E5C-DCD00ABE6557",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
},
{
"lang": "es",
"value": "Una escalada de privilegios local por medio de una tuber\u00eda con nombre debido a comprobaciones de control de acceso inapropiadas. Los siguientes productos est\u00e1n afectados: Acronis Cyber Protect 15 (Windows) versiones anteriores a la compilaci\u00f3n 28035, Acronis Agent (Windows) versiones anteriores a la compilaci\u00f3n 27147, Acronis Cyber Protect Home Office (Windows) versiones anteriores a la compilaci\u00f3n 39612, Acronis True Image 2021 (Windows) versiones anteriores a la compilaci\u00f3n 39287"
}
],
"id": "CVE-2021-44204",
"lastModified": "2024-11-21T06:30:34.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-04T23:15:12.013",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-2355"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-2355"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "security@acronis.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-21 20:29
Modified
2024-11-21 03:25
Severity ?
Summary
Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. Downloaded updates are only verified using a server-provided MD5 hash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://www.securityfocus.com/bid/99128 | Third Party Advisory, VDB Entry | |
| cret@cert.org | https://www.kb.cert.org/vuls/id/489392 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99128 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/489392 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | true_image | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:true_image:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40FCED77-070F-4770-94C5-ACCB2C9BF7F1",
"versionEndIncluding": "2017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. Downloaded updates are only verified using a server-provided MD5 hash."
},
{
"lang": "es",
"value": "Acronis True Image hasta e incluyendo la versi\u00f3n 2017 Build 8053 realiza actualizaciones de software mediante HTTP. Las actualizaciones descargadas solo se verifican por medio de un hash MD5 proporcionado por el servidor."
}
],
"id": "CVE-2017-3219",
"lastModified": "2024-11-21T03:25:03.813",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-21T20:29:00.250",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99128"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/489392"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99128"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/489392"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-311"
}
],
"source": "cret@cert.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-05 20:15
Modified
2024-11-21 06:07
Severity ?
Summary
Acronis True Image prior to 2021 Update 5 for Windows allowed local privilege escalation due to insecure folder permissions.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://kb.acronis.com/content/68413 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.acronis.com/content/68413 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:-:*:*:*:windows:*:*",
"matchCriteriaId": "F7B99318-3AA5-428D-B0D7-106128BDCE78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_1:*:*:*:windows:*:*",
"matchCriteriaId": "B1CFEB0F-588B-4B88-9169-4ADB6396C1C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_2:*:*:*:windows:*:*",
"matchCriteriaId": "54BE6067-0357-4C68-AA06-CB5EEA3DD86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_3:*:*:*:windows:*:*",
"matchCriteriaId": "02D1EBBC-47EE-4C46-AA69-DD0B7DE1B173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_4:*:*:*:windows:*:*",
"matchCriteriaId": "0CF1A7BF-9B93-4D7C-BCD8-30DEF789B46B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image prior to 2021 Update 5 for Windows allowed local privilege escalation due to insecure folder permissions."
},
{
"lang": "es",
"value": "Acronis True Image anterior a versi\u00f3n 2021 Update 5 para Windows permit\u00eda la escalada de privilegios local debido a los permisos no seguros de las carpetas"
}
],
"id": "CVE-2021-32577",
"lastModified": "2024-11-21T06:07:18.527",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-05T20:15:08.943",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68413"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68413"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-04 23:15
Modified
2024-11-21 06:49
Severity ?
Summary
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | agent | * | |
| acronis | cyber_protect | 15 | |
| acronis | cyber_protect | 15 | |
| acronis | cyber_protect | 15 | |
| acronis | cyber_protect_home_office | - | |
| microsoft | windows | - | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85D71339-7F19-41DC-B6D2-BF776F472EE1",
"versionEndExcluding": "c21.06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*",
"matchCriteriaId": "89899D10-1343-4276-919A-9C1DF2DB8B55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update1:*:*:*:*:*:*",
"matchCriteriaId": "A77B2499-B3A4-4278-BA0D-59AB59C60352",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update2:*:*:*:*:*:*",
"matchCriteriaId": "BAF6A576-C320-4550-B7F8-4FCAE82FB06A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_protect_home_office:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8418AF63-E280-4CE2-8E5C-DCD00ABE6557",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:-:*:*:*:windows:*:*",
"matchCriteriaId": "F7B99318-3AA5-428D-B0D7-106128BDCE78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_1:*:*:*:windows:*:*",
"matchCriteriaId": "B1CFEB0F-588B-4B88-9169-4ADB6396C1C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_2:*:*:*:windows:*:*",
"matchCriteriaId": "54BE6067-0357-4C68-AA06-CB5EEA3DD86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_3:*:*:*:windows:*:*",
"matchCriteriaId": "02D1EBBC-47EE-4C46-AA69-DD0B7DE1B173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_4:*:*:*:windows:*:*",
"matchCriteriaId": "0CF1A7BF-9B93-4D7C-BCD8-30DEF789B46B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_5:*:*:*:windows:*:*",
"matchCriteriaId": "B55B6ED7-C602-4C7B-88C5-B0499D61EB1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
},
{
"lang": "es",
"value": "Una escalada de privilegios local debido a permisos excesivos asignados a los procesos hijos. Los siguientes productos est\u00e1n afectados: Acronis Cyber Protect 15 (Windows) versiones anteriores a la compilaci\u00f3n 28035, Acronis Agent (Windows) versiones anteriores a la compilaci\u00f3n 27147, Acronis Cyber Protect Home Office (Windows) versiones anteriores a la compilaci\u00f3n 39612, Acronis True Image 2021 (Windows) versiones anteriores a la compilaci\u00f3n 39287"
}
],
"id": "CVE-2022-24113",
"lastModified": "2024-11-21T06:49:49.933",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-04T23:15:15.997",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-2881"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-2881"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-250"
}
],
"source": "security@acronis.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-15 14:15
Modified
2024-11-21 05:05
Severity ?
Summary
Acronis True Image for Mac before 2021 Update 4 allowed local privilege escalation due to insecure folder permissions.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://kb.acronis.com/content/68396 | Vendor Advisory | |
| cve@mitre.org | https://www.acronis.com/en-us/support/updates/index.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.acronis.com/content/68396 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.acronis.com/en-us/support/updates/index.html | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | true_image | * | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:true_image:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "E084A432-0826-484B-B763-F4B67FFABCCB",
"versionEndExcluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:-:*:*:*:macos:*:*",
"matchCriteriaId": "F68614CB-28F2-4BDB-AED4-109F78838AF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_1:*:*:*:macos:*:*",
"matchCriteriaId": "54625222-9064-4111-AE35-A1691580DE55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_2:*:*:*:macos:*:*",
"matchCriteriaId": "4BF0A2D9-7DE2-4401-B501-78130DE6B458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_3:*:*:*:macos:*:*",
"matchCriteriaId": "DB19EFC5-2997-4D52-BB5A-2D42B880C621",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image for Mac before 2021 Update 4 allowed local privilege escalation due to insecure folder permissions."
},
{
"lang": "es",
"value": "Acronis True Image for Mac versiones anteriores a 2021 Update 4, permit\u00eda una escalada de privilegios local debido a permisos no seguros de las carpetas"
}
],
"id": "CVE-2020-15496",
"lastModified": "2024-11-21T05:05:38.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-15T14:15:12.713",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68396"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.acronis.com/en-us/support/updates/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68396"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.acronis.com/en-us/support/updates/index.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-281"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-29 07:15
Modified
2024-11-21 05:26
Severity ?
Summary
Acronis True Image for Windows prior to 2021 Update 3 allowed local privilege escalation due to a DLL hijacking vulnerability in multiple components, aka an Untrusted Search Path issue.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.acronis.com/en-us/products/true-image/ | Product, Vendor Advisory | |
| cve@mitre.org | https://www.acronis.com/en-us/support/updates/changes.html?p=42246 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.acronis.com/en-us/products/true-image/ | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.acronis.com/en-us/support/updates/changes.html?p=42246 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | true_image | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:true_image:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "DC747B21-CE02-4812-BFC3-FDCC0D7A0199",
"versionEndIncluding": "2021",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image for Windows prior to 2021 Update 3 allowed local privilege escalation due to a DLL hijacking vulnerability in multiple components, aka an Untrusted Search Path issue."
},
{
"lang": "es",
"value": "Acronis True Image para Windows versiones anteriores a 2021 Update 3, permit\u00eda una escalada de privilegios locales debido a una vulnerabilidad de secuestro DLL en m\u00faltiples componentes, tambi\u00e9n se conoce como un problema de Ruta de B\u00fasqueda No Confiable"
}
],
"id": "CVE-2020-35145",
"lastModified": "2024-11-21T05:26:51.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-29T07:15:17.997",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.acronis.com/en-us/products/true-image/"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.acronis.com/en-us/support/updates/changes.html?p=42246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.acronis.com/en-us/products/true-image/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.acronis.com/en-us/support/updates/changes.html?p=42246"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-05 20:15
Modified
2024-11-21 06:07
Severity ?
Summary
Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to DLL hijacking.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://kb.acronis.com/content/68419 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.acronis.com/content/68419 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:-:*:*:*:windows:*:*",
"matchCriteriaId": "F7B99318-3AA5-428D-B0D7-106128BDCE78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_1:*:*:*:windows:*:*",
"matchCriteriaId": "B1CFEB0F-588B-4B88-9169-4ADB6396C1C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_2:*:*:*:windows:*:*",
"matchCriteriaId": "54BE6067-0357-4C68-AA06-CB5EEA3DD86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_3:*:*:*:windows:*:*",
"matchCriteriaId": "02D1EBBC-47EE-4C46-AA69-DD0B7DE1B173",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to DLL hijacking."
},
{
"lang": "es",
"value": "Acronis True Image anterior a versi\u00f3n 2021 Update 4 para Windows, permit\u00eda la escalada de privilegios local debido al secuestro de DLL"
}
],
"id": "CVE-2021-32580",
"lastModified": "2024-11-21T06:07:18.973",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-05T20:15:09.063",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68419"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68419"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-15 15:15
Modified
2024-11-21 05:18
Severity ?
Summary
Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation due to an insecure XPC service configuration.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | true_image | 2019 | |
| acronis | true_image | 2019 | |
| acronis | true_image | 2019 | |
| acronis | true_image | 2020 | |
| acronis | true_image | 2021 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:true_image:2019:1:*:*:*:macos:*:*",
"matchCriteriaId": "2B2C5F83-B839-48BF-9B87-4E5441E52F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2019:2:*:*:*:macos:*:*",
"matchCriteriaId": "9C935C09-A843-4A04-984F-DCB734ADEA7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2019:3:*:*:*:macos:*:*",
"matchCriteriaId": "D97BFFB8-3056-4B49-B1AA-433C3AE2F21F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2020:*:*:*:*:macos:*:*",
"matchCriteriaId": "7E0D50EC-E230-4693-941A-A2FB7A3327D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:1:*:*:*:macos:*:*",
"matchCriteriaId": "585CAC18-02E8-4D22-A0D7-0E7F9C2A1966",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation due to an insecure XPC service configuration."
},
{
"lang": "es",
"value": "Acronis True Image versiones 2019 update 1 hasta 2021 update 1 en macOS, permite una escalada de privilegios local debido a una configuraci\u00f3n no segura del servicio XPC"
}
],
"id": "CVE-2020-25736",
"lastModified": "2024-11-21T05:18:36.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-15T15:15:08.270",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/170246/Acronis-TrueImage-XPC-Privilege-Escalation.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://kb.acronis.com/content/68061"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.acronis.com/en-us/blog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/170246/Acronis-TrueImage-XPC-Privilege-Escalation.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://kb.acronis.com/content/68061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.acronis.com/en-us/blog/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-05 20:15
Modified
2024-11-21 06:07
Severity ?
Summary
Acronis True Image prior to 2021 Update 4 for Windows and Acronis True Image prior to 2021 Update 5 for macOS allowed an unauthenticated attacker (who has a local code execution ability) to tamper with the micro-service API.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://kb.acronis.com/content/68413 | Vendor Advisory | |
| cve@mitre.org | https://kb.acronis.com/content/68419 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.acronis.com/content/68413 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.acronis.com/content/68419 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:-:*:*:*:macos:*:*",
"matchCriteriaId": "F68614CB-28F2-4BDB-AED4-109F78838AF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:-:*:*:*:windows:*:*",
"matchCriteriaId": "F7B99318-3AA5-428D-B0D7-106128BDCE78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_1:*:*:*:macos:*:*",
"matchCriteriaId": "54625222-9064-4111-AE35-A1691580DE55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_1:*:*:*:windows:*:*",
"matchCriteriaId": "B1CFEB0F-588B-4B88-9169-4ADB6396C1C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_2:*:*:*:macos:*:*",
"matchCriteriaId": "4BF0A2D9-7DE2-4401-B501-78130DE6B458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_2:*:*:*:windows:*:*",
"matchCriteriaId": "54BE6067-0357-4C68-AA06-CB5EEA3DD86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_3:*:*:*:macos:*:*",
"matchCriteriaId": "DB19EFC5-2997-4D52-BB5A-2D42B880C621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_3:*:*:*:windows:*:*",
"matchCriteriaId": "02D1EBBC-47EE-4C46-AA69-DD0B7DE1B173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_4:*:*:*:macos:*:*",
"matchCriteriaId": "1A9A87BC-5406-4534-9BB0-2FCDA0218FD6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image prior to 2021 Update 4 for Windows and Acronis True Image prior to 2021 Update 5 for macOS allowed an unauthenticated attacker (who has a local code execution ability) to tamper with the micro-service API."
},
{
"lang": "es",
"value": "Acronis True Image anterior a versi\u00f3n 2021 Update 4 para Windows y Acronis True Image anterior a versi\u00f3n 2021 Update 5 para macOS, permit\u00edan que un atacante no autenticado (con capacidad de ejecuci\u00f3n de c\u00f3digo local) manipulara la API de microservicios"
}
],
"id": "CVE-2021-32579",
"lastModified": "2024-11-21T06:07:18.813",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-05T20:15:09.027",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68413"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68419"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68413"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68419"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-05 20:15
Modified
2024-11-21 06:07
Severity ?
Summary
Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Image prior to 2021 Update 5 for Mac, Acronis Agent prior to build 26653, Acronis Cyber Protect prior to build 27009 did not implement SSL certificate validation.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://kb.acronis.com/content/68413 | Vendor Advisory | |
| cve@mitre.org | https://kb.acronis.com/content/68419 | Vendor Advisory | |
| cve@mitre.org | https://kb.acronis.com/content/68648 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.acronis.com/content/68413 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.acronis.com/content/68419 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.acronis.com/content/68648 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | cyber_protect_cloud | * | |
| acronis | cyber_protection_agent | * | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:cyber_protect_cloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA5ECF46-3C9C-42D1-9792-3B8A24C0EFF4",
"versionEndExcluding": "15.0.27009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_protection_agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4B327A6-59A3-4E8D-867B-BCD4482AC1D6",
"versionEndExcluding": "15.0.26653",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:-:*:*:*:macos:*:*",
"matchCriteriaId": "F68614CB-28F2-4BDB-AED4-109F78838AF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:-:*:*:*:windows:*:*",
"matchCriteriaId": "F7B99318-3AA5-428D-B0D7-106128BDCE78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_1:*:*:*:macos:*:*",
"matchCriteriaId": "54625222-9064-4111-AE35-A1691580DE55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_1:*:*:*:windows:*:*",
"matchCriteriaId": "B1CFEB0F-588B-4B88-9169-4ADB6396C1C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_2:*:*:*:macos:*:*",
"matchCriteriaId": "4BF0A2D9-7DE2-4401-B501-78130DE6B458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_2:*:*:*:windows:*:*",
"matchCriteriaId": "54BE6067-0357-4C68-AA06-CB5EEA3DD86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_3:*:*:*:macos:*:*",
"matchCriteriaId": "DB19EFC5-2997-4D52-BB5A-2D42B880C621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_3:*:*:*:windows:*:*",
"matchCriteriaId": "02D1EBBC-47EE-4C46-AA69-DD0B7DE1B173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_4:*:*:*:macos:*:*",
"matchCriteriaId": "1A9A87BC-5406-4534-9BB0-2FCDA0218FD6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Image prior to 2021 Update 5 for Mac, Acronis Agent prior to build 26653, Acronis Cyber Protect prior to build 27009 did not implement SSL certificate validation."
},
{
"lang": "es",
"value": "Acronis True Image anterior a versi\u00f3n 2021 Update 4 para Windows, Acronis True Image anterior a versi\u00f3n 2021 Update 5 para Mac, Acronis Agent anterior a la compilaci\u00f3n 26653, Acronis Cyber Protect anterior a la compilaci\u00f3n 27009, no implementaban la comprobaci\u00f3n de certificados SSL"
}
],
"id": "CVE-2021-32581",
"lastModified": "2024-11-21T06:07:19.127",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-05T20:15:09.100",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68413"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68419"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68413"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68419"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68648"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-04 23:15
Modified
2024-11-21 06:30
Severity ?
Summary
Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | cyber_protect_home_office | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:-:*:*:*:windows:*:*",
"matchCriteriaId": "F7B99318-3AA5-428D-B0D7-106128BDCE78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_1:*:*:*:windows:*:*",
"matchCriteriaId": "B1CFEB0F-588B-4B88-9169-4ADB6396C1C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_2:*:*:*:windows:*:*",
"matchCriteriaId": "54BE6067-0357-4C68-AA06-CB5EEA3DD86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_3:*:*:*:windows:*:*",
"matchCriteriaId": "02D1EBBC-47EE-4C46-AA69-DD0B7DE1B173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_4:*:*:*:windows:*:*",
"matchCriteriaId": "0CF1A7BF-9B93-4D7C-BCD8-30DEF789B46B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:cyber_protect_home_office:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8418AF63-E280-4CE2-8E5C-DCD00ABE6557",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
},
{
"lang": "es",
"value": "Una escalada local de privilegios debido a una vulnerabilidad de secuestro de DLL en el servicio Acronis Media Builder. Los siguientes productos est\u00e1n afectados: Acronis Cyber Protect Home Office (Windows) versiones anteriores a la compilaci\u00f3n 39612, Acronis True Image 2021 (Windows) versiones anteriores a la compilaci\u00f3n 39287"
}
],
"id": "CVE-2021-44206",
"lastModified": "2024-11-21T06:30:34.593",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-04T23:15:12.100",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3058"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "security@acronis.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-04 23:15
Modified
2024-11-21 06:49
Severity ?
Summary
Local privilege escalation due to race condition on application startup. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | cyber_protect_home_office | - | |
| apple | macos | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:-:*:*:*:macos:*:*",
"matchCriteriaId": "F68614CB-28F2-4BDB-AED4-109F78838AF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_1:*:*:*:macos:*:*",
"matchCriteriaId": "54625222-9064-4111-AE35-A1691580DE55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_2:*:*:*:macos:*:*",
"matchCriteriaId": "4BF0A2D9-7DE2-4401-B501-78130DE6B458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_3:*:*:*:macos:*:*",
"matchCriteriaId": "DB19EFC5-2997-4D52-BB5A-2D42B880C621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_4:*:*:*:macos:*:*",
"matchCriteriaId": "1A9A87BC-5406-4534-9BB0-2FCDA0218FD6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:cyber_protect_home_office:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8418AF63-E280-4CE2-8E5C-DCD00ABE6557",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to race condition on application startup. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287"
},
{
"lang": "es",
"value": "Una escalada de privilegios local debido a una condici\u00f3n de carrera en el inicio de la aplicaci\u00f3n. Los siguientes productos est\u00e1n afectados: Acronis Cyber Protect Home Office (macOS) versiones anteriores a la compilaci\u00f3n 39605, Acronis True Image 2021 (macOS) versiones anteriores a la compilaci\u00f3n 39287"
}
],
"id": "CVE-2022-24114",
"lastModified": "2024-11-21T06:49:50.053",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-04T23:15:16.047",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3316"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "security@acronis.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-05 20:15
Modified
2024-11-21 06:07
Severity ?
Summary
Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 1 of 2).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://kb.acronis.com/content/68419 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.acronis.com/content/68419 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:-:*:*:*:windows:*:*",
"matchCriteriaId": "F7B99318-3AA5-428D-B0D7-106128BDCE78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_1:*:*:*:windows:*:*",
"matchCriteriaId": "B1CFEB0F-588B-4B88-9169-4ADB6396C1C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_2:*:*:*:windows:*:*",
"matchCriteriaId": "54BE6067-0357-4C68-AA06-CB5EEA3DD86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_3:*:*:*:windows:*:*",
"matchCriteriaId": "02D1EBBC-47EE-4C46-AA69-DD0B7DE1B173",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 1 of 2)."
},
{
"lang": "es",
"value": "Acronis True Image anterior a versi\u00f3n 2021 Update 4 para Windows permit\u00eda la escalada de privilegios local debido a la administraci\u00f3n inapropiada de enlaces blandos (problema 1 de 2)"
}
],
"id": "CVE-2021-32576",
"lastModified": "2024-11-21T06:07:18.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-05T20:15:08.907",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68419"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68419"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-610"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-15 15:15
Modified
2024-11-21 05:18
Severity ?
Summary
Acronis True Image through 2021 on macOS allows local privilege escalation from admin to root due to insecure folder permissions.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://kb.acronis.com/content/68396 | Vendor Advisory | |
| cve@mitre.org | https://www.acronis.com/en-us/blog/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.acronis.com/content/68396 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.acronis.com/en-us/blog/ | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | true_image | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:true_image:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "6A2047EF-D6C3-48C4-BC24-ACAA01B074C2",
"versionEndIncluding": "2021",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image through 2021 on macOS allows local privilege escalation from admin to root due to insecure folder permissions."
},
{
"lang": "es",
"value": "Acronis True Image versiones hasta 2021 en macOS, permite una escalada de privilegios local de admin a root debido a permisos de carpeta no seguros"
}
],
"id": "CVE-2020-25593",
"lastModified": "2024-11-21T05:18:10.940",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-15T15:15:08.237",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68396"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.acronis.com/en-us/blog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68396"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.acronis.com/en-us/blog/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-03-10 23:44
Modified
2024-11-21 00:44
Severity ?
Summary
Acronis True Image Group Server 1.5.19.191 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a packet with an invalid length field, which causes an out-of-bounds read.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | true_image | * | |
| acronis | true_image | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:true_image:*:*:group_server:*:*:*:*:*",
"matchCriteriaId": "0368A045-C9E2-4B33-9617-85F632624DD9",
"versionEndIncluding": "1.5.19.191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:*:*:enterprise_server:*:*:*:*:*",
"matchCriteriaId": "E50A07EE-946C-42F4-9F4E-E95C5330DD41",
"versionEndIncluding": "9.5.0.8072",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image Group Server 1.5.19.191 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a packet with an invalid length field, which causes an out-of-bounds read."
},
{
"lang": "es",
"value": "Acronis True Image Group Server 1.5.19.191 y anteriores, inclu\u00eddos en Acronis True Image Enterprise Server 9.5.0.8072 y los otros paquetes True Image, permiten a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un paquete con un tama\u00f1o de campo inv\u00e1lido que causa una lectura fuera de l\u00edmite."
}
],
"id": "CVE-2008-1279",
"lastModified": "2024-11-21T00:44:09.357",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-03-10T23:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://aluigi.altervista.org/adv/acrogroup-adv.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29306"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/489353/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28169"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0813/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41071"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://aluigi.altervista.org/adv/acrogroup-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29306"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/489353/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28169"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0813/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41071"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-15 15:15
Modified
2024-11-21 05:05
Severity ?
Summary
Acronis True Image 2019 update 1 through 2020 on macOS allows local privilege escalation due to an insecure XPC service configuration.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://kb.acronis.com/content/68061 | Vendor Advisory | |
| cve@mitre.org | https://www.acronis.com/en-us/support/updates/index.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.acronis.com/content/68061 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.acronis.com/en-us/support/updates/index.html | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | true_image | 2019 | |
| acronis | true_image | 2019 | |
| acronis | true_image | 2019 | |
| acronis | true_image | 2020 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:true_image:2019:1:*:*:*:macos:*:*",
"matchCriteriaId": "2B2C5F83-B839-48BF-9B87-4E5441E52F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2019:2:*:*:*:macos:*:*",
"matchCriteriaId": "9C935C09-A843-4A04-984F-DCB734ADEA7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2019:3:*:*:*:macos:*:*",
"matchCriteriaId": "D97BFFB8-3056-4B49-B1AA-433C3AE2F21F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2020:-:*:*:*:macos:*:*",
"matchCriteriaId": "12AF0029-A77F-4677-8DE5-7B84FD522616",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image 2019 update 1 through 2020 on macOS allows local privilege escalation due to an insecure XPC service configuration."
},
{
"lang": "es",
"value": "Acronis True Image versiones 2019 update 1 hasta 2020, en macOS permite una escalada de privilegios local debido a una configuraci\u00f3n no segura del servicio XPC"
}
],
"id": "CVE-2020-15495",
"lastModified": "2024-11-21T05:05:37.933",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-15T15:15:08.147",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68061"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.acronis.com/en-us/support/updates/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.acronis.com/en-us/support/updates/index.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2020-10139
Vulnerability from cvelistv5
Published
2020-10-21 13:40
Modified
2024-08-04 10:50
Severity ?
EPSS score ?
Summary
Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis True Image contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.kb.cert.org/vuls/id/114757 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | True Image 2021 |
Version: unspecified < 32010 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/114757"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "True Image 2021",
"vendor": "Acronis",
"versions": [
{
"lessThan": "32010",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Will Dormann"
}
],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\\jenkins_agent\\. Acronis True Image contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-21T13:40:19",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.kb.cert.org/vuls/id/114757"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2020-10139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "True Image 2021",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "32010"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Will Dormann"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\\jenkins_agent\\. Acronis True Image contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.kb.cert.org/vuls/id/114757",
"refsource": "MISC",
"url": "https://www.kb.cert.org/vuls/id/114757"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2020-10139",
"datePublished": "2020-10-21T13:40:19",
"dateReserved": "2020-03-05T00:00:00",
"dateUpdated": "2024-08-04T10:50:57.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-25736
Vulnerability from cvelistv5
Published
2021-07-15 00:00
Modified
2024-08-04 15:40
Severity ?
EPSS score ?
Summary
Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation due to an insecure XPC service configuration.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.acronis.com/en-us/blog/"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.acronis.com/content/68061"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/170246/Acronis-TrueImage-XPC-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation due to an insecure XPC service configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-15T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.acronis.com/en-us/blog/"
},
{
"url": "https://kb.acronis.com/content/68061"
},
{
"url": "http://packetstormsecurity.com/files/170246/Acronis-TrueImage-XPC-Privilege-Escalation.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25736",
"datePublished": "2021-07-15T00:00:00",
"dateReserved": "2020-09-17T00:00:00",
"dateUpdated": "2024-08-04T15:40:36.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-24115
Vulnerability from cvelistv5
Published
2022-02-04 22:29
Modified
2024-09-16 16:52
Severity ?
EPSS score ?
Summary
Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-3359 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect Home Office |
Version: unspecified < 39605 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3359"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"macOS"
],
"product": "Acronis Cyber Protect Home Office",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39605",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"macOS"
],
"product": "Acronis True Image 2021",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39287",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "@vkas-afk (https://hackerone.com/vkas-afk)"
}
],
"datePublic": "2022-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:29:30",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3359"
}
],
"source": {
"advisory": "SEC-3359",
"defect": [
"SEC-3359"
],
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation due to unrestricted loading of unsigned libraries",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@acronis.com",
"DATE_PUBLIC": "2022-02-02T00:00:00.000Z",
"ID": "CVE-2022-24115",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation due to unrestricted loading of unsigned libraries"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acronis Cyber Protect Home Office",
"version": {
"version_data": [
{
"platform": "macOS",
"version_affected": "\u003c",
"version_value": "39605"
}
]
}
},
{
"product_name": "Acronis True Image 2021",
"version": {
"version_data": [
{
"platform": "macOS",
"version_affected": "\u003c",
"version_value": "39287"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "@vkas-afk (https://hackerone.com/vkas-afk)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-advisory.acronis.com/advisories/SEC-3359",
"refsource": "MISC",
"url": "https://security-advisory.acronis.com/advisories/SEC-3359"
}
]
},
"source": {
"advisory": "SEC-3359",
"defect": [
"SEC-3359"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2022-24115",
"datePublished": "2022-02-04T22:29:30.925782Z",
"dateReserved": "2022-01-28T00:00:00",
"dateUpdated": "2024-09-16T16:52:37.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-32581
Vulnerability from cvelistv5
Published
2021-08-05 19:19
Modified
2024-08-03 23:25
Severity ?
EPSS score ?
Summary
Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Image prior to 2021 Update 5 for Mac, Acronis Agent prior to build 26653, Acronis Cyber Protect prior to build 27009 did not implement SSL certificate validation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.acronis.com/content/68419 | x_refsource_MISC | |
| https://kb.acronis.com/content/68413 | x_refsource_MISC | |
| https://kb.acronis.com/content/68648 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:30.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.acronis.com/content/68419"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.acronis.com/content/68413"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.acronis.com/content/68648"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Image prior to 2021 Update 5 for Mac, Acronis Agent prior to build 26653, Acronis Cyber Protect prior to build 27009 did not implement SSL certificate validation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-05T19:19:41",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.acronis.com/content/68419"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.acronis.com/content/68413"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.acronis.com/content/68648"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-32581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Image prior to 2021 Update 5 for Mac, Acronis Agent prior to build 26653, Acronis Cyber Protect prior to build 27009 did not implement SSL certificate validation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.acronis.com/content/68419",
"refsource": "MISC",
"url": "https://kb.acronis.com/content/68419"
},
{
"name": "https://kb.acronis.com/content/68413",
"refsource": "MISC",
"url": "https://kb.acronis.com/content/68413"
},
{
"name": "https://kb.acronis.com/content/68648",
"refsource": "MISC",
"url": "https://kb.acronis.com/content/68648"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-32581",
"datePublished": "2021-08-05T19:19:41",
"dateReserved": "2021-05-11T00:00:00",
"dateUpdated": "2024-08-03T23:25:30.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-1279
Vulnerability from cvelistv5
Published
2008-03-10 23:00
Modified
2024-08-07 08:17
Severity ?
EPSS score ?
Summary
Acronis True Image Group Server 1.5.19.191 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a packet with an invalid length field, which causes an out-of-bounds read.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/29306 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2008/0813/references | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/archive/1/489353/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://aluigi.altervista.org/adv/acrogroup-adv.txt | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41071 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/28169 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:33.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29306",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29306"
},
{
"name": "ADV-2008-0813",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0813/references"
},
{
"name": "20080310 Invalid memory access in Acronis True Image Group Server 1.5.19.191",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489353/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/acrogroup-adv.txt"
},
{
"name": "acronis-groupserver-dos(41071)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41071"
},
{
"name": "28169",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28169"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image Group Server 1.5.19.191 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a packet with an invalid length field, which causes an out-of-bounds read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29306",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29306"
},
{
"name": "ADV-2008-0813",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0813/references"
},
{
"name": "20080310 Invalid memory access in Acronis True Image Group Server 1.5.19.191",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489353/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/acrogroup-adv.txt"
},
{
"name": "acronis-groupserver-dos(41071)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41071"
},
{
"name": "28169",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28169"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Acronis True Image Group Server 1.5.19.191 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a packet with an invalid length field, which causes an out-of-bounds read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29306",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29306"
},
{
"name": "ADV-2008-0813",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0813/references"
},
{
"name": "20080310 Invalid memory access in Acronis True Image Group Server 1.5.19.191",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489353/100/0/threaded"
},
{
"name": "http://aluigi.altervista.org/adv/acrogroup-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/acrogroup-adv.txt"
},
{
"name": "acronis-groupserver-dos(41071)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41071"
},
{
"name": "28169",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28169"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1279",
"datePublished": "2008-03-10T23:00:00",
"dateReserved": "2008-03-10T00:00:00",
"dateUpdated": "2024-08-07T08:17:33.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-10140
Vulnerability from cvelistv5
Published
2020-10-21 13:40
Modified
2024-08-04 10:50
Severity ?
EPSS score ?
Summary
Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory. Because some privileged processes are executed from the C:\ProgramData\Acronis, an unprivileged user can achieve arbitrary code execution with SYSTEM privileges by placing a DLL in one of several paths within C:\ProgramData\Acronis.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.kb.cert.org/vuls/id/114757 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | True Image |
Version: 2021 < 32010 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/114757"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "True Image",
"vendor": "Acronis",
"versions": [
{
"lessThan": "32010",
"status": "affected",
"version": "2021",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Will Dormann"
}
],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image 2021 fails to properly set ACLs of the C:\\ProgramData\\Acronis directory. Because some privileged processes are executed from the C:\\ProgramData\\Acronis, an unprivileged user can achieve arbitrary code execution with SYSTEM privileges by placing a DLL in one of several paths within C:\\ProgramData\\Acronis."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-21T13:40:19",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.kb.cert.org/vuls/id/114757"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2020-10140",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "True Image",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2021",
"version_value": "32010"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Will Dormann"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Acronis True Image 2021 fails to properly set ACLs of the C:\\ProgramData\\Acronis directory. Because some privileged processes are executed from the C:\\ProgramData\\Acronis, an unprivileged user can achieve arbitrary code execution with SYSTEM privileges by placing a DLL in one of several paths within C:\\ProgramData\\Acronis."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732 Incorrect Permission Assignment for Critical Resource"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.kb.cert.org/vuls/id/114757",
"refsource": "MISC",
"url": "https://www.kb.cert.org/vuls/id/114757"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2020-10140",
"datePublished": "2020-10-21T13:40:19",
"dateReserved": "2020-03-05T00:00:00",
"dateUpdated": "2024-08-04T10:50:57.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-44206
Vulnerability from cvelistv5
Published
2022-02-04 22:29
Modified
2024-09-16 22:45
Severity ?
EPSS score ?
Summary
Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-3058 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect Home Office |
Version: unspecified < 39612 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:17:24.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3058"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Acronis Cyber Protect Home Office",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39612",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "Acronis True Image 2021",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39287",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "@xdanes09 (https://hackerone.com/xdanes09)"
}
],
"datePublic": "2022-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:29:33",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3058"
}
],
"source": {
"advisory": "SEC-3058",
"defect": [
"SEC-3058"
],
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@acronis.com",
"DATE_PUBLIC": "2022-02-02T00:00:00.000Z",
"ID": "CVE-2021-44206",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acronis Cyber Protect Home Office",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "39612"
}
]
}
},
{
"product_name": "Acronis True Image 2021",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "39287"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "@xdanes09 (https://hackerone.com/xdanes09)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-advisory.acronis.com/advisories/SEC-3058",
"refsource": "MISC",
"url": "https://security-advisory.acronis.com/advisories/SEC-3058"
}
]
},
"source": {
"advisory": "SEC-3058",
"defect": [
"SEC-3058"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2021-44206",
"datePublished": "2022-02-04T22:29:33.897481Z",
"dateReserved": "2021-11-24T00:00:00",
"dateUpdated": "2024-09-16T22:45:14.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-32579
Vulnerability from cvelistv5
Published
2021-08-05 19:04
Modified
2024-08-03 23:25
Severity ?
EPSS score ?
Summary
Acronis True Image prior to 2021 Update 4 for Windows and Acronis True Image prior to 2021 Update 5 for macOS allowed an unauthenticated attacker (who has a local code execution ability) to tamper with the micro-service API.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.acronis.com/content/68419 | x_refsource_MISC | |
| https://kb.acronis.com/content/68413 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:30.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.acronis.com/content/68419"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.acronis.com/content/68413"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image prior to 2021 Update 4 for Windows and Acronis True Image prior to 2021 Update 5 for macOS allowed an unauthenticated attacker (who has a local code execution ability) to tamper with the micro-service API."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-05T19:04:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.acronis.com/content/68419"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.acronis.com/content/68413"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-32579",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Acronis True Image prior to 2021 Update 4 for Windows and Acronis True Image prior to 2021 Update 5 for macOS allowed an unauthenticated attacker (who has a local code execution ability) to tamper with the micro-service API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.acronis.com/content/68419",
"refsource": "MISC",
"url": "https://kb.acronis.com/content/68419"
},
{
"name": "https://kb.acronis.com/content/68413",
"refsource": "MISC",
"url": "https://kb.acronis.com/content/68413"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-32579",
"datePublished": "2021-08-05T19:04:57",
"dateReserved": "2021-05-11T00:00:00",
"dateUpdated": "2024-08-03T23:25:30.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-15495
Vulnerability from cvelistv5
Published
2021-07-15 14:19
Modified
2024-08-04 13:15
Severity ?
EPSS score ?
Summary
Acronis True Image 2019 update 1 through 2020 on macOS allows local privilege escalation due to an insecure XPC service configuration.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.acronis.com/en-us/support/updates/index.html | x_refsource_MISC | |
| https://kb.acronis.com/content/68061 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:15:20.733Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.acronis.com/en-us/support/updates/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.acronis.com/content/68061"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image 2019 update 1 through 2020 on macOS allows local privilege escalation due to an insecure XPC service configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-15T14:19:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.acronis.com/en-us/support/updates/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.acronis.com/content/68061"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Acronis True Image 2019 update 1 through 2020 on macOS allows local privilege escalation due to an insecure XPC service configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.acronis.com/en-us/support/updates/index.html",
"refsource": "MISC",
"url": "https://www.acronis.com/en-us/support/updates/index.html"
},
{
"name": "https://kb.acronis.com/content/68061",
"refsource": "MISC",
"url": "https://kb.acronis.com/content/68061"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15495",
"datePublished": "2021-07-15T14:19:18",
"dateReserved": "2020-07-01T00:00:00",
"dateUpdated": "2024-08-04T13:15:20.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-3219
Vulnerability from cvelistv5
Published
2017-06-21 20:00
Modified
2024-08-05 14:16
Severity ?
EPSS score ?
Summary
Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. Downloaded updates are only verified using a server-provided MD5 hash.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/99128 | vdb-entry, x_refsource_BID | |
| https://www.kb.cert.org/vuls/id/489392 | third-party-advisory, x_refsource_CERT-VN |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | True Image |
Version: unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:16:28.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99128",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99128"
},
{
"name": "VU#489392",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/489392"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "True Image",
"vendor": "Acronis",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"datePublic": "2017-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. Downloaded updates are only verified using a server-provided MD5 hash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-311",
"description": "CWE-311",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-22T09:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "99128",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99128"
},
{
"name": "VU#489392",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/489392"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-3219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "True Image",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. Downloaded updates are only verified using a server-provided MD5 hash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-311"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99128",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99128"
},
{
"name": "VU#489392",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/489392"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2017-3219",
"datePublished": "2017-06-21T20:00:00",
"dateReserved": "2016-12-05T00:00:00",
"dateUpdated": "2024-08-05T14:16:28.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-44204
Vulnerability from cvelistv5
Published
2022-02-04 22:29
Modified
2024-09-17 01:12
Severity ?
EPSS score ?
Summary
Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-2355 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect 15 |
Version: unspecified < 28035 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:17:24.863Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-2355"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Acronis Cyber Protect 15",
"vendor": "Acronis",
"versions": [
{
"lessThan": "28035",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "Acronis Agent",
"vendor": "Acronis",
"versions": [
{
"lessThan": "27147",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "Acronis Cyber Protect Home Office",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39612",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "Acronis True Image 2021",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39287",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "@xnand (https://hackerone.com/xnand)"
}
],
"datePublic": "2022-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:29:33",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-2355"
}
],
"source": {
"advisory": "SEC-2355",
"defect": [
"SEC-2355"
],
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation via named pipe due to improper access control checks",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@acronis.com",
"DATE_PUBLIC": "2022-02-02T00:00:00.000Z",
"ID": "CVE-2021-44204",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation via named pipe due to improper access control checks"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acronis Cyber Protect 15",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "28035"
}
]
}
},
{
"product_name": "Acronis Agent",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "27147"
}
]
}
},
{
"product_name": "Acronis Cyber Protect Home Office",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "39612"
}
]
}
},
{
"product_name": "Acronis True Image 2021",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "39287"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "@xnand (https://hackerone.com/xnand)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-advisory.acronis.com/advisories/SEC-2355",
"refsource": "MISC",
"url": "https://security-advisory.acronis.com/advisories/SEC-2355"
}
]
},
"source": {
"advisory": "SEC-2355",
"defect": [
"SEC-2355"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2021-44204",
"datePublished": "2022-02-04T22:29:33.071413Z",
"dateReserved": "2021-11-24T00:00:00",
"dateUpdated": "2024-09-17T01:12:21.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-24114
Vulnerability from cvelistv5
Published
2022-02-04 22:29
Modified
2024-09-17 03:07
Severity ?
EPSS score ?
Summary
Local privilege escalation due to race condition on application startup. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-3316 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect Home Office |
Version: unspecified < 39605 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3316"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"macOS"
],
"product": "Acronis Cyber Protect Home Office",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39605",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"macOS"
],
"product": "Acronis True Image 2021",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39287",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "@vkas-afk (https://hackerone.com/vkas-afk)"
}
],
"datePublic": "2022-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to race condition on application startup. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:29:32",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3316"
}
],
"source": {
"advisory": "SEC-3316",
"defect": [
"SEC-3316"
],
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation due to race condition on application startup",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@acronis.com",
"DATE_PUBLIC": "2022-02-02T00:00:00.000Z",
"ID": "CVE-2022-24114",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation due to race condition on application startup"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acronis Cyber Protect Home Office",
"version": {
"version_data": [
{
"platform": "macOS",
"version_affected": "\u003c",
"version_value": "39605"
}
]
}
},
{
"product_name": "Acronis True Image 2021",
"version": {
"version_data": [
{
"platform": "macOS",
"version_affected": "\u003c",
"version_value": "39287"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "@vkas-afk (https://hackerone.com/vkas-afk)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation due to race condition on application startup. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-advisory.acronis.com/advisories/SEC-3316",
"refsource": "MISC",
"url": "https://security-advisory.acronis.com/advisories/SEC-3316"
}
]
},
"source": {
"advisory": "SEC-3316",
"defect": [
"SEC-3316"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2022-24114",
"datePublished": "2022-02-04T22:29:32.323632Z",
"dateReserved": "2022-01-28T00:00:00",
"dateUpdated": "2024-09-17T03:07:25.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-32578
Vulnerability from cvelistv5
Published
2021-08-05 19:16
Modified
2024-08-03 23:25
Severity ?
EPSS score ?
Summary
Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 2 of 2).
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.acronis.com/content/68419 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:30.317Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.acronis.com/content/68419"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 2 of 2)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-05T19:16:41",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.acronis.com/content/68419"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-32578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 2 of 2)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.acronis.com/content/68419",
"refsource": "MISC",
"url": "https://kb.acronis.com/content/68419"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-32578",
"datePublished": "2021-08-05T19:16:41",
"dateReserved": "2021-05-11T00:00:00",
"dateUpdated": "2024-08-03T23:25:30.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-15496
Vulnerability from cvelistv5
Published
2021-07-15 13:57
Modified
2024-08-04 13:15
Severity ?
EPSS score ?
Summary
Acronis True Image for Mac before 2021 Update 4 allowed local privilege escalation due to insecure folder permissions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.acronis.com/en-us/support/updates/index.html | x_refsource_MISC | |
| https://kb.acronis.com/content/68396 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:15:20.734Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.acronis.com/en-us/support/updates/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.acronis.com/content/68396"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image for Mac before 2021 Update 4 allowed local privilege escalation due to insecure folder permissions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-15T13:57:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.acronis.com/en-us/support/updates/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.acronis.com/content/68396"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Acronis True Image for Mac before 2021 Update 4 allowed local privilege escalation due to insecure folder permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.acronis.com/en-us/support/updates/index.html",
"refsource": "MISC",
"url": "https://www.acronis.com/en-us/support/updates/index.html"
},
{
"name": "https://kb.acronis.com/content/68396",
"refsource": "MISC",
"url": "https://kb.acronis.com/content/68396"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15496",
"datePublished": "2021-07-15T13:57:08",
"dateReserved": "2020-07-01T00:00:00",
"dateUpdated": "2024-08-04T13:15:20.734Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-25593
Vulnerability from cvelistv5
Published
2021-07-15 14:07
Modified
2024-08-04 15:33
Severity ?
EPSS score ?
Summary
Acronis True Image through 2021 on macOS allows local privilege escalation from admin to root due to insecure folder permissions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.acronis.com/en-us/blog/ | x_refsource_MISC | |
| https://kb.acronis.com/content/68396 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:33:05.801Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.acronis.com/en-us/blog/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.acronis.com/content/68396"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image through 2021 on macOS allows local privilege escalation from admin to root due to insecure folder permissions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-15T14:07:55",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.acronis.com/en-us/blog/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.acronis.com/content/68396"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Acronis True Image through 2021 on macOS allows local privilege escalation from admin to root due to insecure folder permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.acronis.com/en-us/blog/",
"refsource": "MISC",
"url": "https://www.acronis.com/en-us/blog/"
},
{
"name": "https://kb.acronis.com/content/68396",
"refsource": "MISC",
"url": "https://kb.acronis.com/content/68396"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25593",
"datePublished": "2021-07-15T14:07:55",
"dateReserved": "2020-09-15T00:00:00",
"dateUpdated": "2024-08-04T15:33:05.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-44205
Vulnerability from cvelistv5
Published
2022-02-04 22:29
Modified
2024-09-17 01:36
Severity ?
EPSS score ?
Summary
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-3059 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect Home Office |
Version: unspecified < 39612 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:17:24.843Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Acronis Cyber Protect Home Office",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39612",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "Acronis True Image 2021",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39287",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "@xdanes09 (https://hackerone.com/xdanes09)"
}
],
"datePublic": "2022-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:29:31",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3059"
}
],
"source": {
"advisory": "SEC-3059",
"defect": [
"SEC-3059"
],
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation due to DLL hijacking vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@acronis.com",
"DATE_PUBLIC": "2022-02-02T00:00:00.000Z",
"ID": "CVE-2021-44205",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation due to DLL hijacking vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acronis Cyber Protect Home Office",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "39612"
}
]
}
},
{
"product_name": "Acronis True Image 2021",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "39287"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "@xdanes09 (https://hackerone.com/xdanes09)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-advisory.acronis.com/advisories/SEC-3059",
"refsource": "MISC",
"url": "https://security-advisory.acronis.com/advisories/SEC-3059"
}
]
},
"source": {
"advisory": "SEC-3059",
"defect": [
"SEC-3059"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2021-44205",
"datePublished": "2022-02-04T22:29:31.627056Z",
"dateReserved": "2021-11-24T00:00:00",
"dateUpdated": "2024-09-17T01:36:39.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-35145
Vulnerability from cvelistv5
Published
2021-01-29 06:49
Modified
2024-08-04 16:55
Severity ?
EPSS score ?
Summary
Acronis True Image for Windows prior to 2021 Update 3 allowed local privilege escalation due to a DLL hijacking vulnerability in multiple components, aka an Untrusted Search Path issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.acronis.com/en-us/products/true-image/ | x_refsource_MISC | |
| https://www.acronis.com/en-us/support/updates/changes.html?p=42246 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:10.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.acronis.com/en-us/products/true-image/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.acronis.com/en-us/support/updates/changes.html?p=42246"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image for Windows prior to 2021 Update 3 allowed local privilege escalation due to a DLL hijacking vulnerability in multiple components, aka an Untrusted Search Path issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-29T06:49:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.acronis.com/en-us/products/true-image/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.acronis.com/en-us/support/updates/changes.html?p=42246"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Acronis True Image for Windows prior to 2021 Update 3 allowed local privilege escalation due to a DLL hijacking vulnerability in multiple components, aka an Untrusted Search Path issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.acronis.com/en-us/products/true-image/",
"refsource": "MISC",
"url": "https://www.acronis.com/en-us/products/true-image/"
},
{
"name": "https://www.acronis.com/en-us/support/updates/changes.html?p=42246",
"refsource": "CONFIRM",
"url": "https://www.acronis.com/en-us/support/updates/changes.html?p=42246"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35145",
"datePublished": "2021-01-29T06:49:39",
"dateReserved": "2020-12-11T00:00:00",
"dateUpdated": "2024-08-04T16:55:10.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-32580
Vulnerability from cvelistv5
Published
2021-08-05 19:06
Modified
2024-08-03 23:25
Severity ?
EPSS score ?
Summary
Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to DLL hijacking.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.acronis.com/content/68419 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:30.486Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.acronis.com/content/68419"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to DLL hijacking."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-05T19:06:36",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.acronis.com/content/68419"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-32580",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to DLL hijacking."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.acronis.com/content/68419",
"refsource": "MISC",
"url": "https://kb.acronis.com/content/68419"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-32580",
"datePublished": "2021-08-05T19:06:36",
"dateReserved": "2021-05-11T00:00:00",
"dateUpdated": "2024-08-03T23:25:30.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-32576
Vulnerability from cvelistv5
Published
2021-08-05 19:07
Modified
2024-08-03 23:25
Severity ?
EPSS score ?
Summary
Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 1 of 2).
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.acronis.com/content/68419 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:30.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.acronis.com/content/68419"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 1 of 2)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-05T19:07:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.acronis.com/content/68419"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-32576",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 1 of 2)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.acronis.com/content/68419",
"refsource": "MISC",
"url": "https://kb.acronis.com/content/68419"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-32576",
"datePublished": "2021-08-05T19:07:57",
"dateReserved": "2021-05-11T00:00:00",
"dateUpdated": "2024-08-03T23:25:30.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-1280
Vulnerability from cvelistv5
Published
2008-03-10 23:00
Modified
2024-08-07 08:17
Severity ?
EPSS score ?
Summary
Acronis True Image Windows Agent 1.0.0.54 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a malformed packet to port 9876, which triggers a NULL pointer dereference.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/29306 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41070 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2008/0812/references | vdb-entry, x_refsource_VUPEN | |
| http://aluigi.altervista.org/adv/acroagent-adv.txt | x_refsource_MISC | |
| http://www.securityfocus.com/bid/28169 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/489362/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29306",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29306"
},
{
"name": "acronis-windows-agent-dos(41070)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41070"
},
{
"name": "ADV-2008-0812",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0812/references"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/acroagent-adv.txt"
},
{
"name": "28169",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28169"
},
{
"name": "20080310 NULL pointer in Acronis True Image Windows Agent 1.0.0.54",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489362/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image Windows Agent 1.0.0.54 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a malformed packet to port 9876, which triggers a NULL pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29306",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29306"
},
{
"name": "acronis-windows-agent-dos(41070)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41070"
},
{
"name": "ADV-2008-0812",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0812/references"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/acroagent-adv.txt"
},
{
"name": "28169",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28169"
},
{
"name": "20080310 NULL pointer in Acronis True Image Windows Agent 1.0.0.54",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489362/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1280",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Acronis True Image Windows Agent 1.0.0.54 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a malformed packet to port 9876, which triggers a NULL pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29306",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29306"
},
{
"name": "acronis-windows-agent-dos(41070)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41070"
},
{
"name": "ADV-2008-0812",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0812/references"
},
{
"name": "http://aluigi.altervista.org/adv/acroagent-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/acroagent-adv.txt"
},
{
"name": "28169",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28169"
},
{
"name": "20080310 NULL pointer in Acronis True Image Windows Agent 1.0.0.54",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489362/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1280",
"datePublished": "2008-03-10T23:00:00",
"dateReserved": "2008-03-10T00:00:00",
"dateUpdated": "2024-08-07T08:17:34.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-24113
Vulnerability from cvelistv5
Published
2022-02-04 22:29
Modified
2024-09-16 19:57
Severity ?
EPSS score ?
Summary
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-2881 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect 15 |
Version: unspecified < 28035 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-2881"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Acronis Cyber Protect 15",
"vendor": "Acronis",
"versions": [
{
"lessThan": "28035",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "Acronis Agent",
"vendor": "Acronis",
"versions": [
{
"lessThan": "27147",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "Acronis Cyber Protect Home Office",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39612",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "Acronis True Image 2021",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39287",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "@penrose (https://hackerone.com/penrose)"
}
],
"datePublic": "2022-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:29:30",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-2881"
}
],
"source": {
"advisory": "SEC-2881",
"defect": [
"SEC-2881"
],
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation due to excessive permissions assigned to child processes",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@acronis.com",
"DATE_PUBLIC": "2022-02-02T00:00:00.000Z",
"ID": "CVE-2022-24113",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation due to excessive permissions assigned to child processes"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acronis Cyber Protect 15",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "28035"
}
]
}
},
{
"product_name": "Acronis Agent",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "27147"
}
]
}
},
{
"product_name": "Acronis Cyber Protect Home Office",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "39612"
}
]
}
},
{
"product_name": "Acronis True Image 2021",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "39287"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "@penrose (https://hackerone.com/penrose)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-advisory.acronis.com/advisories/SEC-2881",
"refsource": "MISC",
"url": "https://security-advisory.acronis.com/advisories/SEC-2881"
}
]
},
"source": {
"advisory": "SEC-2881",
"defect": [
"SEC-2881"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2022-24113",
"datePublished": "2022-02-04T22:29:30.215128Z",
"dateReserved": "2022-01-28T00:00:00",
"dateUpdated": "2024-09-16T19:57:01.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-32577
Vulnerability from cvelistv5
Published
2021-08-05 19:21
Modified
2024-08-03 23:25
Severity ?
EPSS score ?
Summary
Acronis True Image prior to 2021 Update 5 for Windows allowed local privilege escalation due to insecure folder permissions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.acronis.com/content/68413 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:29.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.acronis.com/content/68413"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image prior to 2021 Update 5 for Windows allowed local privilege escalation due to insecure folder permissions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-05T19:21:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.acronis.com/content/68413"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-32577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Acronis True Image prior to 2021 Update 5 for Windows allowed local privilege escalation due to insecure folder permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.acronis.com/content/68413",
"refsource": "MISC",
"url": "https://kb.acronis.com/content/68413"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-32577",
"datePublished": "2021-08-05T19:21:04",
"dateReserved": "2021-05-11T00:00:00",
"dateUpdated": "2024-08-03T23:25:29.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}