Search criteria
12 vulnerabilities found for cyber_backup by acronis
FKIE_CVE-2022-3405
Vulnerability from fkie_nvd - Published: 2023-05-03 11:15 - Updated: 2024-11-21 07:19
Severity ?
Summary
Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.
References
| URL | Tags | ||
|---|---|---|---|
| security@acronis.com | https://herolab.usd.de/security-advisories/usd-2022-0008/ | Exploit, Third Party Advisory | |
| security@acronis.com | https://security-advisory.acronis.com/advisories/SEC-4092 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://herolab.usd.de/security-advisories/usd-2022-0008/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-advisory.acronis.com/advisories/SEC-4092 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_protect | 15 | |
| acronis | cyber_protect | 15 | |
| acronis | cyber_protect | 15 | |
| acronis | cyber_protect | 15 | |
| linux | linux_kernel | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:-:*:*:*:*:*:*",
"matchCriteriaId": "3117B8C4-C8E6-4F50-923D-5BF50222337D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:10130:*:*:*:*:*:*",
"matchCriteriaId": "C2ECE37D-291E-4D07-9D8B-79D09D78FA35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:10330:*:*:*:*:*:*",
"matchCriteriaId": "9826E331-15CB-454D-80E6-B39B380894F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:11010:*:*:*:*:*:*",
"matchCriteriaId": "89A4839A-EF22-4E28-82ED-5828207D7ADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:13160:*:*:*:*:*:*",
"matchCriteriaId": "A847D357-EB6F-4CBF-AEB7-20ABF6B6A0E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:13400:*:*:*:*:*:*",
"matchCriteriaId": "6677430F-19A5-4D7A-91F5-9D906DC48174",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:14280:*:*:*:*:*:*",
"matchCriteriaId": "C38873F8-EB4E-4B20-B4BB-A8E9CC2E4FC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:14330:*:*:*:*:*:*",
"matchCriteriaId": "00644AD1-6114-4470-8AD6-C2D975329A71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:16180:*:*:*:*:*:*",
"matchCriteriaId": "49694CEB-C054-4D02-A7BA-D57E7A1538C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:16318:*:*:*:*:*:*",
"matchCriteriaId": "3FE3F243-202A-4EF5-B4B8-F912B6763F22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:16327:*:*:*:*:*:*",
"matchCriteriaId": "D5831900-150B-4DAD-A17D-C974F8F91C8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:7641:*:*:*:*:*:*",
"matchCriteriaId": "3F540D84-5562-41AE-9294-64F19596149E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:7970:*:*:*:*:*:*",
"matchCriteriaId": "122DEB91-6506-4F94-9C79-887EECE68A7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:8850:*:*:*:*:*:*",
"matchCriteriaId": "0B6EA731-C344-424E-B5FB-291CD59DDAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:9010:*:*:*:*:*:*",
"matchCriteriaId": "EF144B8E-E42F-41E3-8E23-88B1F862D14A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*",
"matchCriteriaId": "89899D10-1343-4276-919A-9C1DF2DB8B55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update1:*:*:*:*:*:*",
"matchCriteriaId": "A77B2499-B3A4-4278-BA0D-59AB59C60352",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update2:*:*:*:*:*:*",
"matchCriteriaId": "BAF6A576-C320-4550-B7F8-4FCAE82FB06A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update3:*:*:*:*:*:*",
"matchCriteriaId": "9740A956-D589-4846-8717-B6182EB65F8B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545."
}
],
"id": "CVE-2022-3405",
"lastModified": "2024-11-21T07:19:27.207",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.8,
"source": "security@acronis.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-03T11:15:11.650",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://herolab.usd.de/security-advisories/usd-2022-0008/"
},
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4092"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://herolab.usd.de/security-advisories/usd-2022-0008/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4092"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "security@acronis.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-30995
Vulnerability from fkie_nvd - Published: 2023-05-03 11:15 - Updated: 2024-11-21 07:03
Severity ?
Summary
Sensitive information disclosure due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_protect | 15 | |
| acronis | cyber_protect | 15 | |
| acronis | cyber_protect | 15 | |
| acronis | cyber_protect | 15 | |
| linux | linux_kernel | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:-:*:*:*:*:*:*",
"matchCriteriaId": "3117B8C4-C8E6-4F50-923D-5BF50222337D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:10130:*:*:*:*:*:*",
"matchCriteriaId": "C2ECE37D-291E-4D07-9D8B-79D09D78FA35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:10330:*:*:*:*:*:*",
"matchCriteriaId": "9826E331-15CB-454D-80E6-B39B380894F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:11010:*:*:*:*:*:*",
"matchCriteriaId": "89A4839A-EF22-4E28-82ED-5828207D7ADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:13160:*:*:*:*:*:*",
"matchCriteriaId": "A847D357-EB6F-4CBF-AEB7-20ABF6B6A0E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:13400:*:*:*:*:*:*",
"matchCriteriaId": "6677430F-19A5-4D7A-91F5-9D906DC48174",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:14280:*:*:*:*:*:*",
"matchCriteriaId": "C38873F8-EB4E-4B20-B4BB-A8E9CC2E4FC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:14330:*:*:*:*:*:*",
"matchCriteriaId": "00644AD1-6114-4470-8AD6-C2D975329A71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:16180:*:*:*:*:*:*",
"matchCriteriaId": "49694CEB-C054-4D02-A7BA-D57E7A1538C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:16318:*:*:*:*:*:*",
"matchCriteriaId": "3FE3F243-202A-4EF5-B4B8-F912B6763F22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:16327:*:*:*:*:*:*",
"matchCriteriaId": "D5831900-150B-4DAD-A17D-C974F8F91C8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:7641:*:*:*:*:*:*",
"matchCriteriaId": "3F540D84-5562-41AE-9294-64F19596149E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:7970:*:*:*:*:*:*",
"matchCriteriaId": "122DEB91-6506-4F94-9C79-887EECE68A7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:8850:*:*:*:*:*:*",
"matchCriteriaId": "0B6EA731-C344-424E-B5FB-291CD59DDAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:9010:*:*:*:*:*:*",
"matchCriteriaId": "EF144B8E-E42F-41E3-8E23-88B1F862D14A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*",
"matchCriteriaId": "89899D10-1343-4276-919A-9C1DF2DB8B55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update1:*:*:*:*:*:*",
"matchCriteriaId": "A77B2499-B3A4-4278-BA0D-59AB59C60352",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update2:*:*:*:*:*:*",
"matchCriteriaId": "BAF6A576-C320-4550-B7F8-4FCAE82FB06A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update3:*:*:*:*:*:*",
"matchCriteriaId": "9740A956-D589-4846-8717-B6182EB65F8B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545."
}
],
"id": "CVE-2022-30995",
"lastModified": "2024-11-21T07:03:40.847",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.8,
"source": "security@acronis.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-03T11:15:11.193",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3855"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3855"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "security@acronis.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-10138
Vulnerability from fkie_nvd - Published: 2020-10-21 14:15 - Updated: 2024-11-21 04:54
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.
References
| URL | Tags | ||
|---|---|---|---|
| cret@cert.org | https://www.kb.cert.org/vuls/id/114757 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/114757 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | cyber_backup | * | |
| acronis | cyber_protect | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D50B1D5A-751B-43C6-A5DE-681B242A1874",
"versionEndExcluding": "12.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_protect:*:*:*:*:*:*:*:*",
"matchCriteriaId": "547972AF-7F43-4A6D-AFC7-5514DD9995A6",
"versionEndExcluding": "15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\\jenkins_agent\\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges."
},
{
"lang": "es",
"value": "Acronis Cyber ??Backup versi\u00f3n 12.5 y Cyber ??Protect versi\u00f3n 15 incluyen un componente OpenSSL que especifica una variable OPENSSLDIR como un subdirectorio dentro de C:\\jenkins_agent\\.\u0026#xa0;Acronis Cyber ??Backup y Cyber ??Protect contienen un servicio privilegiado que usa este componente de OpenSSL.\u0026#xa0;Debido a que los usuarios de Windows no privilegiados pueden crear subdirectorios fuera del root del sistema, un usuario puede crear la ruta apropiada a un archivo openssl.cnf especialmente dise\u00f1ado para lograr una ejecuci\u00f3n de c\u00f3digo arbitraria con privilegios del SYSTEM"
}
],
"id": "CVE-2020-10138",
"lastModified": "2024-11-21T04:54:53.767",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "cret@cert.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-21T14:15:15.013",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/114757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/114757"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "cret@cert.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-665"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-16171
Vulnerability from fkie_nvd - Published: 2020-09-21 14:15 - Updated: 2024-11-21 05:06
Severity ?
Summary
An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwards used in a separate web request issued by the application itself. This can be abused to conduct SSRF attacks against otherwise unreachable Acronis services that are bound to localhost such as the NotificationService on 127.0.0.1:30572.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2020/Sep/33 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.rcesecurity.com/2020/09/CVE-2020-16171-Exploiting-Acronis-Cyber-Backup-for-Fun-and-Emails/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2020/Sep/33 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.rcesecurity.com/2020/09/CVE-2020-16171-Exploiting-Acronis-Cyber-Backup-for-Fun-and-Emails/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | cyber_backup | * | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 | |
| acronis | cyber_backup | 12.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4A6690B-6355-4BA3-844C-8454A9EF9B2D",
"versionEndIncluding": "12.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:-:*:*:*:*:*:*",
"matchCriteriaId": "3117B8C4-C8E6-4F50-923D-5BF50222337D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:10130:*:*:*:*:*:*",
"matchCriteriaId": "C2ECE37D-291E-4D07-9D8B-79D09D78FA35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:10330:*:*:*:*:*:*",
"matchCriteriaId": "9826E331-15CB-454D-80E6-B39B380894F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:11010:*:*:*:*:*:*",
"matchCriteriaId": "89A4839A-EF22-4E28-82ED-5828207D7ADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:13160:*:*:*:*:*:*",
"matchCriteriaId": "A847D357-EB6F-4CBF-AEB7-20ABF6B6A0E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:13400:*:*:*:*:*:*",
"matchCriteriaId": "6677430F-19A5-4D7A-91F5-9D906DC48174",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:14280:*:*:*:*:*:*",
"matchCriteriaId": "C38873F8-EB4E-4B20-B4BB-A8E9CC2E4FC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:14330:*:*:*:*:*:*",
"matchCriteriaId": "00644AD1-6114-4470-8AD6-C2D975329A71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:16180:*:*:*:*:*:*",
"matchCriteriaId": "49694CEB-C054-4D02-A7BA-D57E7A1538C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:16318:*:*:*:*:*:*",
"matchCriteriaId": "3FE3F243-202A-4EF5-B4B8-F912B6763F22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:16327:*:*:*:*:*:*",
"matchCriteriaId": "D5831900-150B-4DAD-A17D-C974F8F91C8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:7641:*:*:*:*:*:*",
"matchCriteriaId": "3F540D84-5562-41AE-9294-64F19596149E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:7970:*:*:*:*:*:*",
"matchCriteriaId": "122DEB91-6506-4F94-9C79-887EECE68A7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:8850:*:*:*:*:*:*",
"matchCriteriaId": "0B6EA731-C344-424E-B5FB-291CD59DDAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:9010:*:*:*:*:*:*",
"matchCriteriaId": "EF144B8E-E42F-41E3-8E23-88B1F862D14A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwards used in a separate web request issued by the application itself. This can be abused to conduct SSRF attacks against otherwise unreachable Acronis services that are bound to localhost such as the NotificationService on 127.0.0.1:30572."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Acronis Cyber ??Backup versiones anteriores a 12.5 Build 16342. Algunos endpoints de la API en el puerto 9877 en /api/ams/ aceptan un encabezado Shard personalizado adicional.\u0026#xa0;El valor de este encabezado es usado posteriormente en una petici\u00f3n web separada emitida por la propia aplicaci\u00f3n. Esto puede ser abusado para conducir ataques de tipo SSRF contra servicios de Acronis que de otro modo ser\u00edan inalcanzables y que est\u00e1n vinculados a localhost, tal y como NotificationService versi\u00f3n 127.0.0.1:30572"
}
],
"id": "CVE-2020-16171",
"lastModified": "2024-11-21T05:06:54.360",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-21T14:15:13.370",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Sep/33"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.rcesecurity.com/2020/09/CVE-2020-16171-Exploiting-Acronis-Cyber-Backup-for-Fun-and-Emails/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Sep/33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.rcesecurity.com/2020/09/CVE-2020-16171-Exploiting-Acronis-Cyber-Backup-for-Fun-and-Emails/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-30995 (GCVE-0-2022-30995)
Vulnerability from cvelistv5 – Published: 2023-05-03 10:50 – Updated: 2025-01-30 15:19
VLAI?
Summary
Sensitive information disclosure due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.
Severity ?
9.3 (Critical)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Acronis | Acronis Cyber Protect 15 |
Affected:
unspecified , < 29486
(semver)
|
|||||||
|
|||||||||
Credits
@boldglum (https://hackerone.com/boldglum)
Sandro Tolksdorf of usd AG (https://herolab.usd.de)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:40.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SEC-3855",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3855"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-30995",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T15:19:22.624037Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T15:19:32.564Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "Acronis Cyber Protect 15",
"vendor": "Acronis",
"versions": [
{
"lessThan": "29486",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "Acronis Cyber Backup 12.5",
"vendor": "Acronis",
"versions": [
{
"lessThan": "16545",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "@boldglum (https://hackerone.com/boldglum)"
},
{
"lang": "en",
"type": "finder",
"value": "Sandro Tolksdorf of usd AG (https://herolab.usd.de)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T10:50:45.883Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-3855",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3855"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2022-30995",
"datePublished": "2023-05-03T10:50:45.883Z",
"dateReserved": "2022-05-18T07:09:14.532Z",
"dateUpdated": "2025-01-30T15:19:32.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3405 (GCVE-0-2022-3405)
Vulnerability from cvelistv5 – Published: 2023-05-03 10:49 – Updated: 2025-02-03 18:23
VLAI?
Summary
Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.
Severity ?
9.3 (Critical)
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Acronis | Acronis Cyber Protect 15 |
Affected:
unspecified , < 29486
(semver)
|
|||||||
|
|||||||||
Credits
Sandro Tolksdorf of usd AG (https://herolab.usd.de)
@boldglum (https://hackerone.com/boldglum)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.478Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SEC-4092",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4092"
},
{
"name": "Authentication Bypass with subsequent Remote Command Execution in Acronis Cyber Protect",
"tags": [
"x_transferred"
],
"url": "https://herolab.usd.de/security-advisories/usd-2022-0008/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3405",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-03T18:23:29.274084Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-03T18:23:43.444Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "Acronis Cyber Protect 15",
"vendor": "Acronis",
"versions": [
{
"lessThan": "29486",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "Acronis Cyber Backup 12.5",
"vendor": "Acronis",
"versions": [
{
"lessThan": "16545",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sandro Tolksdorf of usd AG (https://herolab.usd.de)"
},
{
"lang": "en",
"type": "finder",
"value": "@boldglum (https://hackerone.com/boldglum)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T10:50:39.541Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-4092",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4092"
},
{
"name": "Authentication Bypass with subsequent Remote Command Execution in Acronis Cyber Protect",
"url": "https://herolab.usd.de/security-advisories/usd-2022-0008/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2022-3405",
"datePublished": "2023-05-03T10:49:47.642Z",
"dateReserved": "2022-10-03T16:34:25.515Z",
"dateUpdated": "2025-02-03T18:23:43.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10138 (GCVE-0-2020-10138)
Vulnerability from cvelistv5 – Published: 2020-10-21 13:40 – Updated: 2024-08-04 10:50
VLAI?
Summary
Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.
Severity ?
7.8 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Acronis | Cyber Backup |
Affected:
12.5 , < 16363
(custom)
|
|||||||
|
|||||||||
Credits
Will Dormann
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/114757"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cyber Backup",
"vendor": "Acronis",
"versions": [
{
"lessThan": "16363",
"status": "affected",
"version": "12.5",
"versionType": "custom"
}
]
},
{
"product": "Cyber Protect",
"vendor": "Acronis",
"versions": [
{
"lessThan": "24600",
"status": "affected",
"version": "15",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Will Dormann"
}
],
"descriptions": [
{
"lang": "en",
"value": "Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\\jenkins_agent\\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-21T13:40:18",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.kb.cert.org/vuls/id/114757"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2020-10138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cyber Backup",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "12.5",
"version_value": "16363"
}
]
}
},
{
"product_name": "Cyber Protect",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "15",
"version_value": "24600"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Will Dormann"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\\jenkins_agent\\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.kb.cert.org/vuls/id/114757",
"refsource": "MISC",
"url": "https://www.kb.cert.org/vuls/id/114757"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2020-10138",
"datePublished": "2020-10-21T13:40:18",
"dateReserved": "2020-03-05T00:00:00",
"dateUpdated": "2024-08-04T10:50:57.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16171 (GCVE-0-2020-16171)
Vulnerability from cvelistv5 – Published: 2020-09-21 13:07 – Updated: 2024-08-04 13:37
VLAI?
Summary
An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwards used in a separate web request issued by the application itself. This can be abused to conduct SSRF attacks against otherwise unreachable Acronis services that are bound to localhost such as the NotificationService on 127.0.0.1:30572.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.193Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Sep/33"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.rcesecurity.com/2020/09/CVE-2020-16171-Exploiting-Acronis-Cyber-Backup-for-Fun-and-Emails/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwards used in a separate web request issued by the application itself. This can be abused to conduct SSRF attacks against otherwise unreachable Acronis services that are bound to localhost such as the NotificationService on 127.0.0.1:30572."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-21T13:07:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Sep/33"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rcesecurity.com/2020/09/CVE-2020-16171-Exploiting-Acronis-Cyber-Backup-for-Fun-and-Emails/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-16171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwards used in a separate web request issued by the application itself. This can be abused to conduct SSRF attacks against otherwise unreachable Acronis services that are bound to localhost such as the NotificationService on 127.0.0.1:30572."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2020/Sep/33",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2020/Sep/33"
},
{
"name": "https://www.rcesecurity.com/2020/09/CVE-2020-16171-Exploiting-Acronis-Cyber-Backup-for-Fun-and-Emails/",
"refsource": "MISC",
"url": "https://www.rcesecurity.com/2020/09/CVE-2020-16171-Exploiting-Acronis-Cyber-Backup-for-Fun-and-Emails/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-16171",
"datePublished": "2020-09-21T13:07:07",
"dateReserved": "2020-07-31T00:00:00",
"dateUpdated": "2024-08-04T13:37:54.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30995 (GCVE-0-2022-30995)
Vulnerability from nvd – Published: 2023-05-03 10:50 – Updated: 2025-01-30 15:19
VLAI?
Summary
Sensitive information disclosure due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.
Severity ?
9.3 (Critical)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Acronis | Acronis Cyber Protect 15 |
Affected:
unspecified , < 29486
(semver)
|
|||||||
|
|||||||||
Credits
@boldglum (https://hackerone.com/boldglum)
Sandro Tolksdorf of usd AG (https://herolab.usd.de)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:40.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SEC-3855",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3855"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-30995",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T15:19:22.624037Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T15:19:32.564Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "Acronis Cyber Protect 15",
"vendor": "Acronis",
"versions": [
{
"lessThan": "29486",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "Acronis Cyber Backup 12.5",
"vendor": "Acronis",
"versions": [
{
"lessThan": "16545",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "@boldglum (https://hackerone.com/boldglum)"
},
{
"lang": "en",
"type": "finder",
"value": "Sandro Tolksdorf of usd AG (https://herolab.usd.de)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T10:50:45.883Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-3855",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3855"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2022-30995",
"datePublished": "2023-05-03T10:50:45.883Z",
"dateReserved": "2022-05-18T07:09:14.532Z",
"dateUpdated": "2025-01-30T15:19:32.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3405 (GCVE-0-2022-3405)
Vulnerability from nvd – Published: 2023-05-03 10:49 – Updated: 2025-02-03 18:23
VLAI?
Summary
Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.
Severity ?
9.3 (Critical)
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Acronis | Acronis Cyber Protect 15 |
Affected:
unspecified , < 29486
(semver)
|
|||||||
|
|||||||||
Credits
Sandro Tolksdorf of usd AG (https://herolab.usd.de)
@boldglum (https://hackerone.com/boldglum)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.478Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SEC-4092",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4092"
},
{
"name": "Authentication Bypass with subsequent Remote Command Execution in Acronis Cyber Protect",
"tags": [
"x_transferred"
],
"url": "https://herolab.usd.de/security-advisories/usd-2022-0008/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3405",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-03T18:23:29.274084Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-03T18:23:43.444Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "Acronis Cyber Protect 15",
"vendor": "Acronis",
"versions": [
{
"lessThan": "29486",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "Acronis Cyber Backup 12.5",
"vendor": "Acronis",
"versions": [
{
"lessThan": "16545",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sandro Tolksdorf of usd AG (https://herolab.usd.de)"
},
{
"lang": "en",
"type": "finder",
"value": "@boldglum (https://hackerone.com/boldglum)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T10:50:39.541Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-4092",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4092"
},
{
"name": "Authentication Bypass with subsequent Remote Command Execution in Acronis Cyber Protect",
"url": "https://herolab.usd.de/security-advisories/usd-2022-0008/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2022-3405",
"datePublished": "2023-05-03T10:49:47.642Z",
"dateReserved": "2022-10-03T16:34:25.515Z",
"dateUpdated": "2025-02-03T18:23:43.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10138 (GCVE-0-2020-10138)
Vulnerability from nvd – Published: 2020-10-21 13:40 – Updated: 2024-08-04 10:50
VLAI?
Summary
Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.
Severity ?
7.8 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Acronis | Cyber Backup |
Affected:
12.5 , < 16363
(custom)
|
|||||||
|
|||||||||
Credits
Will Dormann
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/114757"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cyber Backup",
"vendor": "Acronis",
"versions": [
{
"lessThan": "16363",
"status": "affected",
"version": "12.5",
"versionType": "custom"
}
]
},
{
"product": "Cyber Protect",
"vendor": "Acronis",
"versions": [
{
"lessThan": "24600",
"status": "affected",
"version": "15",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Will Dormann"
}
],
"descriptions": [
{
"lang": "en",
"value": "Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\\jenkins_agent\\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-21T13:40:18",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.kb.cert.org/vuls/id/114757"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2020-10138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cyber Backup",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "12.5",
"version_value": "16363"
}
]
}
},
{
"product_name": "Cyber Protect",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "15",
"version_value": "24600"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Will Dormann"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\\jenkins_agent\\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.kb.cert.org/vuls/id/114757",
"refsource": "MISC",
"url": "https://www.kb.cert.org/vuls/id/114757"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2020-10138",
"datePublished": "2020-10-21T13:40:18",
"dateReserved": "2020-03-05T00:00:00",
"dateUpdated": "2024-08-04T10:50:57.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16171 (GCVE-0-2020-16171)
Vulnerability from nvd – Published: 2020-09-21 13:07 – Updated: 2024-08-04 13:37
VLAI?
Summary
An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwards used in a separate web request issued by the application itself. This can be abused to conduct SSRF attacks against otherwise unreachable Acronis services that are bound to localhost such as the NotificationService on 127.0.0.1:30572.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.193Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Sep/33"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.rcesecurity.com/2020/09/CVE-2020-16171-Exploiting-Acronis-Cyber-Backup-for-Fun-and-Emails/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwards used in a separate web request issued by the application itself. This can be abused to conduct SSRF attacks against otherwise unreachable Acronis services that are bound to localhost such as the NotificationService on 127.0.0.1:30572."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-21T13:07:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Sep/33"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rcesecurity.com/2020/09/CVE-2020-16171-Exploiting-Acronis-Cyber-Backup-for-Fun-and-Emails/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-16171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwards used in a separate web request issued by the application itself. This can be abused to conduct SSRF attacks against otherwise unreachable Acronis services that are bound to localhost such as the NotificationService on 127.0.0.1:30572."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2020/Sep/33",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2020/Sep/33"
},
{
"name": "https://www.rcesecurity.com/2020/09/CVE-2020-16171-Exploiting-Acronis-Cyber-Backup-for-Fun-and-Emails/",
"refsource": "MISC",
"url": "https://www.rcesecurity.com/2020/09/CVE-2020-16171-Exploiting-Acronis-Cyber-Backup-for-Fun-and-Emails/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-16171",
"datePublished": "2020-09-21T13:07:07",
"dateReserved": "2020-07-31T00:00:00",
"dateUpdated": "2024-08-04T13:37:54.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}