Search criteria
27 vulnerabilities found for snap_deploy by acronis
FKIE_CVE-2024-34019
Vulnerability from fkie_nvd - Published: 2024-08-29 20:15 - Updated: 2024-09-12 17:18
Severity ?
Summary
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.
References
| URL | Tags | ||
|---|---|---|---|
| security@acronis.com | https://security-advisory.acronis.com/advisories/SEC-3079 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | snap_deploy | * | |
| acronis | snap_deploy | 6 | |
| acronis | snap_deploy | 6 | |
| acronis | snap_deploy | 6 | |
| acronis | snap_deploy | 6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E3653927-4EF6-4508-92E7-F2EB2C418A00",
"versionEndExcluding": "6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:6:-:*:*:*:windows:*:*",
"matchCriteriaId": "A12AF81B-8339-4F72-A30E-D5126B0BACE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:6:update1:*:*:*:windows:*:*",
"matchCriteriaId": "5AD3DAEE-A07B-47B6-A072-171E571F7B6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:6:update1.1:*:*:*:windows:*:*",
"matchCriteriaId": "9D953C3D-25D4-4C30-826A-D5E002A5CF78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:6:update1.2:*:*:*:windows:*:*",
"matchCriteriaId": "BF1C1F42-7A5F-43AC-8E49-06F336605421",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569."
},
{
"lang": "es",
"value": "Escalada de privilegios locales debido a una vulnerabilidad de secuestro de DLL. Los siguientes productos est\u00e1n afectados: Acronis Snap Deploy (Windows) antes de la compilaci\u00f3n 4569."
}
],
"id": "CVE-2024-34019",
"lastModified": "2024-09-12T17:18:07.163",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "security@acronis.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-29T20:15:08.193",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3079"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "security@acronis.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-34017
Vulnerability from fkie_nvd - Published: 2024-08-29 20:15 - Updated: 2024-09-12 17:16
Severity ?
Summary
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.
References
| URL | Tags | ||
|---|---|---|---|
| security@acronis.com | https://security-advisory.acronis.com/advisories/SEC-4505 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | snap_deploy | * | |
| acronis | snap_deploy | 6 | |
| acronis | snap_deploy | 6 | |
| acronis | snap_deploy | 6 | |
| acronis | snap_deploy | 6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E3653927-4EF6-4508-92E7-F2EB2C418A00",
"versionEndExcluding": "6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:6:-:*:*:*:windows:*:*",
"matchCriteriaId": "A12AF81B-8339-4F72-A30E-D5126B0BACE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:6:update1:*:*:*:windows:*:*",
"matchCriteriaId": "5AD3DAEE-A07B-47B6-A072-171E571F7B6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:6:update1.1:*:*:*:windows:*:*",
"matchCriteriaId": "9D953C3D-25D4-4C30-826A-D5E002A5CF78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:6:update1.2:*:*:*:windows:*:*",
"matchCriteriaId": "BF1C1F42-7A5F-43AC-8E49-06F336605421",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569."
},
{
"lang": "es",
"value": "Escalada de privilegios locales debido a una vulnerabilidad de secuestro de DLL. Los siguientes productos est\u00e1n afectados: Acronis Snap Deploy (Windows) antes de la compilaci\u00f3n 4569."
}
],
"id": "CVE-2024-34017",
"lastModified": "2024-09-12T17:16:09.890",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "security@acronis.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-29T20:15:07.743",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4505"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "security@acronis.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-34018
Vulnerability from fkie_nvd - Published: 2024-08-29 20:15 - Updated: 2024-09-12 17:17
Severity ?
Summary
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.
References
| URL | Tags | ||
|---|---|---|---|
| security@acronis.com | https://security-advisory.acronis.com/advisories/SEC-4196 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | snap_deploy | * | |
| acronis | snap_deploy | 6 | |
| acronis | snap_deploy | 6 | |
| acronis | snap_deploy | 6 | |
| acronis | snap_deploy | 6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E3653927-4EF6-4508-92E7-F2EB2C418A00",
"versionEndExcluding": "6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:6:-:*:*:*:windows:*:*",
"matchCriteriaId": "A12AF81B-8339-4F72-A30E-D5126B0BACE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:6:update1:*:*:*:windows:*:*",
"matchCriteriaId": "5AD3DAEE-A07B-47B6-A072-171E571F7B6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:6:update1.1:*:*:*:windows:*:*",
"matchCriteriaId": "9D953C3D-25D4-4C30-826A-D5E002A5CF78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:6:update1.2:*:*:*:windows:*:*",
"matchCriteriaId": "BF1C1F42-7A5F-43AC-8E49-06F336605421",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4569."
},
{
"lang": "es",
"value": "Divulgaci\u00f3n de informaci\u00f3n confidencial debido a permisos de carpetas inseguros. Los siguientes productos se ven afectados: Acronis Snap Deploy (Windows) antes de la compilaci\u00f3n 4569."
}
],
"id": "CVE-2024-34018",
"lastModified": "2024-09-12T17:17:20.873",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "security@acronis.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-29T20:15:07.997",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4196"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "security@acronis.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-2355
Vulnerability from fkie_nvd - Published: 2023-04-27 19:15 - Updated: 2024-11-21 07:58
Severity ?
Summary
Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3900.
References
| URL | Tags | ||
|---|---|---|---|
| security@acronis.com | https://security-advisory.acronis.com/advisories/SEC-4048 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-advisory.acronis.com/advisories/SEC-4048 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | snap_deploy | * | |
| acronis | snap_deploy | 6 | |
| acronis | snap_deploy | 6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E3653927-4EF6-4508-92E7-F2EB2C418A00",
"versionEndExcluding": "6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:6:-:*:*:*:windows:*:*",
"matchCriteriaId": "A12AF81B-8339-4F72-A30E-D5126B0BACE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:6:update1:*:*:*:windows:*:*",
"matchCriteriaId": "5AD3DAEE-A07B-47B6-A072-171E571F7B6D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3900."
}
],
"id": "CVE-2023-2355",
"lastModified": "2024-11-21T07:58:26.867",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "security@acronis.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-04-27T19:15:20.597",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4048"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "security@acronis.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-30695
Vulnerability from fkie_nvd - Published: 2022-05-16 18:15 - Updated: 2024-11-21 07:03
Severity ?
Summary
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | snap_deploy | * | |
| acronis | snap_deploy | 6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E3653927-4EF6-4508-92E7-F2EB2C418A00",
"versionEndExcluding": "6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:6:-:*:*:*:windows:*:*",
"matchCriteriaId": "A12AF81B-8339-4F72-A30E-D5126B0BACE6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640"
},
{
"lang": "es",
"value": "Una escalada de privilegios local debido a permisos excesivos asignados a los procesos hijos. Los siguientes productos est\u00e1n afectados: Acronis Snap Deploy (Windows) versiones anteriores a la compilaci\u00f3n 3640"
}
],
"id": "CVE-2022-30695",
"lastModified": "2024-11-21T07:03:11.357",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-16T18:15:08.570",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3080"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3080"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-250"
}
],
"source": "security@acronis.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-30696
Vulnerability from fkie_nvd - Published: 2022-05-16 18:15 - Updated: 2024-11-21 07:03
Severity ?
Summary
Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3640
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | snap_deploy | * | |
| acronis | snap_deploy | 6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E3653927-4EF6-4508-92E7-F2EB2C418A00",
"versionEndExcluding": "6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:6:-:*:*:*:windows:*:*",
"matchCriteriaId": "A12AF81B-8339-4F72-A30E-D5126B0BACE6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3640"
},
{
"lang": "es",
"value": "Una escalada de privilegios local debido a una vulnerabilidad de secuestro de DLL. Los siguientes productos est\u00e1n afectados: Acronis Snap Deploy (Windows) versiones anteriores a la compilaci\u00f3n 3640"
}
],
"id": "CVE-2022-30696",
"lastModified": "2024-11-21T07:03:11.463",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-16T18:15:08.617",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3081"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "security@acronis.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-30697
Vulnerability from fkie_nvd - Published: 2022-05-16 18:15 - Updated: 2024-11-21 07:03
Severity ?
Summary
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 3640
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | snap_deploy | * | |
| acronis | snap_deploy | 6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E3653927-4EF6-4508-92E7-F2EB2C418A00",
"versionEndExcluding": "6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:6:-:*:*:*:windows:*:*",
"matchCriteriaId": "A12AF81B-8339-4F72-A30E-D5126B0BACE6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 3640"
},
{
"lang": "es",
"value": "Una escalada de privilegios local debido a permisos de carpetas no seguras. Los siguientes productos est\u00e1n afectados: Acronis Snap Deploy (Windows) versiones anteriores a la compilaci\u00f3n 3640"
}
],
"id": "CVE-2022-30697",
"lastModified": "2024-11-21T07:03:11.557",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-16T18:15:08.667",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3082"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "security@acronis.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-1411
Vulnerability from fkie_nvd - Published: 2008-03-20 10:44 - Updated: 2025-04-09 00:30
Severity ?
Summary
The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | snap_deploy | 2.0.0.1076 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:2.0.0.1076:*:*:*:*:*:*:*",
"matchCriteriaId": "A091CA72-DCC4-4E28-8DF3-AE7A515BD331",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference."
},
{
"lang": "es",
"value": "PXE Server (pxesrv.exe) en Acronis Snap Deploy versiones 2.0.0.1076 y anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (parada) al utilizar una petici\u00f3n TFTP incompleta, que dispara una referencia a un puntero NULL."
}
],
"id": "CVE-2008-1411",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-03-20T10:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/acropxe-adv.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29305"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3758"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/489358/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/28182"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0814/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41075"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/5228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/acropxe-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29305"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3758"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/489358/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/28182"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0814/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41075"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/5228"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-1410
Vulnerability from fkie_nvd - Published: 2008-03-20 10:44 - Updated: 2025-04-09 00:30
Severity ?
Summary
Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | snap_deploy | 2.0.0.1076 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:2.0.0.1076:*:*:*:*:*:*:*",
"matchCriteriaId": "A091CA72-DCC4-4E28-8DF3-AE7A515BD331",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en PXE Server (pxesrv.exe) de Acronis Snap Deploy versiones 2.0.0.1076 y anteriores permite a atacantes remotos leer ficheros de su elecci\u00f3n mediante la utilizaci\u00f3n de secuencias de salto de directorio en el servicio TFTP."
}
],
"id": "CVE-2008-1410",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-03-20T10:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/acropxe-adv.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29305"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3758"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/489358/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/28182"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0814/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41074"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/5228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/acropxe-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29305"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3758"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/489358/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/28182"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0814/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/5228"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-34018 (GCVE-0-2024-34018)
Vulnerability from cvelistv5 – Published: 2024-08-29 19:15 – Updated: 2024-08-29 19:39
VLAI?
Summary
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.
Severity ?
5.5 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Snap Deploy |
Affected:
unspecified , < 4569
(semver)
|
Credits
@mmg (https://hackerone.com/mmg)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34018",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T19:39:10.587890Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T19:39:37.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Acronis Snap Deploy",
"vendor": "Acronis",
"versions": [
{
"lessThan": "4569",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "@mmg (https://hackerone.com/mmg)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4569."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T19:15:08.649Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-4196",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4196"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2024-34018",
"datePublished": "2024-08-29T19:15:08.649Z",
"dateReserved": "2024-04-29T15:33:32.846Z",
"dateUpdated": "2024-08-29T19:39:37.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34017 (GCVE-0-2024-34017)
Vulnerability from cvelistv5 – Published: 2024-08-29 19:14 – Updated: 2024-08-29 19:38
VLAI?
Summary
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.
Severity ?
6.7 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Snap Deploy |
Affected:
unspecified , < 4569
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:acronis:snap_deploy:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "snap_deploy",
"vendor": "acronis",
"versions": [
{
"lessThan": "4569",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34017",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T19:38:05.985424Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T19:38:52.936Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Acronis Snap Deploy",
"vendor": "Acronis",
"versions": [
{
"lessThan": "4569",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T19:14:19.067Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-4505",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4505"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2024-34017",
"datePublished": "2024-08-29T19:14:19.067Z",
"dateReserved": "2024-04-29T15:33:32.846Z",
"dateUpdated": "2024-08-29T19:38:52.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34019 (GCVE-0-2024-34019)
Vulnerability from cvelistv5 – Published: 2024-08-29 19:12 – Updated: 2024-08-29 19:40
VLAI?
Summary
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.
Severity ?
6.7 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Snap Deploy |
Affected:
unspecified , < 4569
(semver)
|
Credits
@mmg (https://hackerone.com/mmg)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:acronis:snap_deploy:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "snap_deploy",
"vendor": "acronis",
"versions": [
{
"lessThan": "4569",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34019",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T19:40:19.357921Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T19:40:47.168Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Acronis Snap Deploy",
"vendor": "Acronis",
"versions": [
{
"lessThan": "4569",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "@mmg (https://hackerone.com/mmg)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T19:12:46.700Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-3079",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3079"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2024-34019",
"datePublished": "2024-08-29T19:12:46.700Z",
"dateReserved": "2024-04-29T15:33:32.846Z",
"dateUpdated": "2024-08-29T19:40:47.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2355 (GCVE-0-2023-2355)
Vulnerability from cvelistv5 – Published: 2023-04-27 18:45 – Updated: 2025-01-30 20:49
VLAI?
Summary
Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3900.
Severity ?
6.7 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Snap Deploy |
Affected:
unspecified , < 3900
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SEC-4048",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4048"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2355",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T20:49:51.804566Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T20:49:56.542Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Acronis Snap Deploy",
"vendor": "Acronis",
"versions": [
{
"lessThan": "3900",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3900."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-27T18:45:26.176Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-4048",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4048"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2023-2355",
"datePublished": "2023-04-27T18:45:26.176Z",
"dateReserved": "2023-04-27T17:41:37.597Z",
"dateUpdated": "2025-01-30T20:49:56.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30697 (GCVE-0-2022-30697)
Vulnerability from cvelistv5 – Published: 2022-05-16 17:20 – Updated: 2024-09-17 01:36
VLAI?
Title
Local privilege escalation due to insecure folder permissions
Summary
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 3640
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Snap Deploy |
Affected:
unspecified , < 3640
(custom)
|
Credits
@mmg (https://hackerone.com/mmg)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3082"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Acronis Snap Deploy",
"vendor": "Acronis",
"versions": [
{
"lessThan": "3640",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "@mmg (https://hackerone.com/mmg)"
}
],
"datePublic": "2022-05-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 3640"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-16T17:20:32",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3082"
}
],
"source": {
"advisory": "SEC-3082",
"defect": [
"SEC-3082"
],
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation due to insecure folder permissions",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@acronis.com",
"DATE_PUBLIC": "2022-05-13T00:00:00.000Z",
"ID": "CVE-2022-30697",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation due to insecure folder permissions"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acronis Snap Deploy",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "3640"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "@mmg (https://hackerone.com/mmg)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 3640"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-advisory.acronis.com/advisories/SEC-3082",
"refsource": "MISC",
"url": "https://security-advisory.acronis.com/advisories/SEC-3082"
}
]
},
"source": {
"advisory": "SEC-3082",
"defect": [
"SEC-3082"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2022-30697",
"datePublished": "2022-05-16T17:20:32.585942Z",
"dateReserved": "2022-05-13T00:00:00",
"dateUpdated": "2024-09-17T01:36:27.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30696 (GCVE-0-2022-30696)
Vulnerability from cvelistv5 – Published: 2022-05-16 17:20 – Updated: 2024-09-17 00:25
VLAI?
Title
Local privilege escalation due to a DLL hijacking vulnerability
Summary
Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3640
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Snap Deploy |
Affected:
unspecified , < 3640
(custom)
|
Credits
@mmg (https://hackerone.com/mmg)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.592Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3081"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Acronis Snap Deploy",
"vendor": "Acronis",
"versions": [
{
"lessThan": "3640",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "@mmg (https://hackerone.com/mmg)"
}
],
"datePublic": "2022-05-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3640"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-16T17:20:02",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3081"
}
],
"source": {
"advisory": "SEC-3081",
"defect": [
"SEC-3081"
],
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation due to a DLL hijacking vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@acronis.com",
"DATE_PUBLIC": "2022-05-13T00:00:00.000Z",
"ID": "CVE-2022-30696",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation due to a DLL hijacking vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acronis Snap Deploy",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "3640"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "@mmg (https://hackerone.com/mmg)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3640"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-advisory.acronis.com/advisories/SEC-3081",
"refsource": "MISC",
"url": "https://security-advisory.acronis.com/advisories/SEC-3081"
}
]
},
"source": {
"advisory": "SEC-3081",
"defect": [
"SEC-3081"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2022-30696",
"datePublished": "2022-05-16T17:20:02.194777Z",
"dateReserved": "2022-05-13T00:00:00",
"dateUpdated": "2024-09-17T00:25:50.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30695 (GCVE-0-2022-30695)
Vulnerability from cvelistv5 – Published: 2022-05-16 17:19 – Updated: 2024-09-17 04:20
VLAI?
Title
Local privilege escalation due to excessive permissions assigned to child processes
Summary
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Snap Deploy |
Affected:
unspecified , < 3640
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3080"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Acronis Snap Deploy",
"vendor": "Acronis",
"versions": [
{
"lessThan": "3640",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-05-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-16T17:19:34",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3080"
}
],
"source": {
"advisory": "SEC-3080",
"defect": [
"SEC-3080"
],
"discovery": "INTERNAL"
},
"title": "Local privilege escalation due to excessive permissions assigned to child processes",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@acronis.com",
"DATE_PUBLIC": "2022-05-13T00:00:00.000Z",
"ID": "CVE-2022-30695",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation due to excessive permissions assigned to child processes"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acronis Snap Deploy",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "3640"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-advisory.acronis.com/advisories/SEC-3080",
"refsource": "MISC",
"url": "https://security-advisory.acronis.com/advisories/SEC-3080"
}
]
},
"source": {
"advisory": "SEC-3080",
"defect": [
"SEC-3080"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2022-30695",
"datePublished": "2022-05-16T17:19:34.797192Z",
"dateReserved": "2022-05-13T00:00:00",
"dateUpdated": "2024-09-17T04:20:36.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1411 (GCVE-0-2008-1411)
Vulnerability from cvelistv5 – Published: 2008-03-20 10:00 – Updated: 2024-08-07 08:24
VLAI?
Summary
The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:41.322Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/acropxe-adv.txt"
},
{
"name": "ADV-2008-0814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0814/references"
},
{
"name": "28182",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28182"
},
{
"name": "acronissnap-pxeserver-dos(41075)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41075"
},
{
"name": "20080310 Directory traversal and NULL pointer in Acronis PXE Server 2.0.0.1076",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489358/100/0/threaded"
},
{
"name": "29305",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29305"
},
{
"name": "3758",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3758"
},
{
"name": "5228",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5228"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/acropxe-adv.txt"
},
{
"name": "ADV-2008-0814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0814/references"
},
{
"name": "28182",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28182"
},
{
"name": "acronissnap-pxeserver-dos(41075)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41075"
},
{
"name": "20080310 Directory traversal and NULL pointer in Acronis PXE Server 2.0.0.1076",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489358/100/0/threaded"
},
{
"name": "29305",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29305"
},
{
"name": "3758",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3758"
},
{
"name": "5228",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5228"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.altervista.org/adv/acropxe-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/acropxe-adv.txt"
},
{
"name": "ADV-2008-0814",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0814/references"
},
{
"name": "28182",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28182"
},
{
"name": "acronissnap-pxeserver-dos(41075)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41075"
},
{
"name": "20080310 Directory traversal and NULL pointer in Acronis PXE Server 2.0.0.1076",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489358/100/0/threaded"
},
{
"name": "29305",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29305"
},
{
"name": "3758",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3758"
},
{
"name": "5228",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5228"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1411",
"datePublished": "2008-03-20T10:00:00",
"dateReserved": "2008-03-19T00:00:00",
"dateUpdated": "2024-08-07T08:24:41.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1410 (GCVE-0-2008-1410)
Vulnerability from cvelistv5 – Published: 2008-03-20 10:00 – Updated: 2024-08-07 08:24
VLAI?
Summary
Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:41.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "acronissnap-pxeserver-directory-traversal(41074)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41074"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/acropxe-adv.txt"
},
{
"name": "ADV-2008-0814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0814/references"
},
{
"name": "28182",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28182"
},
{
"name": "20080310 Directory traversal and NULL pointer in Acronis PXE Server 2.0.0.1076",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489358/100/0/threaded"
},
{
"name": "29305",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29305"
},
{
"name": "3758",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3758"
},
{
"name": "5228",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5228"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "acronissnap-pxeserver-directory-traversal(41074)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41074"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/acropxe-adv.txt"
},
{
"name": "ADV-2008-0814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0814/references"
},
{
"name": "28182",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28182"
},
{
"name": "20080310 Directory traversal and NULL pointer in Acronis PXE Server 2.0.0.1076",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489358/100/0/threaded"
},
{
"name": "29305",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29305"
},
{
"name": "3758",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3758"
},
{
"name": "5228",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5228"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1410",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "acronissnap-pxeserver-directory-traversal(41074)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41074"
},
{
"name": "http://aluigi.altervista.org/adv/acropxe-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/acropxe-adv.txt"
},
{
"name": "ADV-2008-0814",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0814/references"
},
{
"name": "28182",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28182"
},
{
"name": "20080310 Directory traversal and NULL pointer in Acronis PXE Server 2.0.0.1076",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489358/100/0/threaded"
},
{
"name": "29305",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29305"
},
{
"name": "3758",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3758"
},
{
"name": "5228",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5228"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1410",
"datePublished": "2008-03-20T10:00:00",
"dateReserved": "2008-03-19T00:00:00",
"dateUpdated": "2024-08-07T08:24:41.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34018 (GCVE-0-2024-34018)
Vulnerability from nvd – Published: 2024-08-29 19:15 – Updated: 2024-08-29 19:39
VLAI?
Summary
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.
Severity ?
5.5 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Snap Deploy |
Affected:
unspecified , < 4569
(semver)
|
Credits
@mmg (https://hackerone.com/mmg)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34018",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T19:39:10.587890Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T19:39:37.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Acronis Snap Deploy",
"vendor": "Acronis",
"versions": [
{
"lessThan": "4569",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "@mmg (https://hackerone.com/mmg)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4569."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T19:15:08.649Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-4196",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4196"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2024-34018",
"datePublished": "2024-08-29T19:15:08.649Z",
"dateReserved": "2024-04-29T15:33:32.846Z",
"dateUpdated": "2024-08-29T19:39:37.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34017 (GCVE-0-2024-34017)
Vulnerability from nvd – Published: 2024-08-29 19:14 – Updated: 2024-08-29 19:38
VLAI?
Summary
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.
Severity ?
6.7 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Snap Deploy |
Affected:
unspecified , < 4569
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:acronis:snap_deploy:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "snap_deploy",
"vendor": "acronis",
"versions": [
{
"lessThan": "4569",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34017",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T19:38:05.985424Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T19:38:52.936Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Acronis Snap Deploy",
"vendor": "Acronis",
"versions": [
{
"lessThan": "4569",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T19:14:19.067Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-4505",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4505"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2024-34017",
"datePublished": "2024-08-29T19:14:19.067Z",
"dateReserved": "2024-04-29T15:33:32.846Z",
"dateUpdated": "2024-08-29T19:38:52.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34019 (GCVE-0-2024-34019)
Vulnerability from nvd – Published: 2024-08-29 19:12 – Updated: 2024-08-29 19:40
VLAI?
Summary
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.
Severity ?
6.7 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Snap Deploy |
Affected:
unspecified , < 4569
(semver)
|
Credits
@mmg (https://hackerone.com/mmg)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:acronis:snap_deploy:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "snap_deploy",
"vendor": "acronis",
"versions": [
{
"lessThan": "4569",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34019",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T19:40:19.357921Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T19:40:47.168Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Acronis Snap Deploy",
"vendor": "Acronis",
"versions": [
{
"lessThan": "4569",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "@mmg (https://hackerone.com/mmg)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T19:12:46.700Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-3079",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3079"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2024-34019",
"datePublished": "2024-08-29T19:12:46.700Z",
"dateReserved": "2024-04-29T15:33:32.846Z",
"dateUpdated": "2024-08-29T19:40:47.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2355 (GCVE-0-2023-2355)
Vulnerability from nvd – Published: 2023-04-27 18:45 – Updated: 2025-01-30 20:49
VLAI?
Summary
Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3900.
Severity ?
6.7 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Snap Deploy |
Affected:
unspecified , < 3900
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SEC-4048",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4048"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2355",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T20:49:51.804566Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T20:49:56.542Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Acronis Snap Deploy",
"vendor": "Acronis",
"versions": [
{
"lessThan": "3900",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3900."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-27T18:45:26.176Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-4048",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4048"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2023-2355",
"datePublished": "2023-04-27T18:45:26.176Z",
"dateReserved": "2023-04-27T17:41:37.597Z",
"dateUpdated": "2025-01-30T20:49:56.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30697 (GCVE-0-2022-30697)
Vulnerability from nvd – Published: 2022-05-16 17:20 – Updated: 2024-09-17 01:36
VLAI?
Title
Local privilege escalation due to insecure folder permissions
Summary
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 3640
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Snap Deploy |
Affected:
unspecified , < 3640
(custom)
|
Credits
@mmg (https://hackerone.com/mmg)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3082"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Acronis Snap Deploy",
"vendor": "Acronis",
"versions": [
{
"lessThan": "3640",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "@mmg (https://hackerone.com/mmg)"
}
],
"datePublic": "2022-05-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 3640"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-16T17:20:32",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3082"
}
],
"source": {
"advisory": "SEC-3082",
"defect": [
"SEC-3082"
],
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation due to insecure folder permissions",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@acronis.com",
"DATE_PUBLIC": "2022-05-13T00:00:00.000Z",
"ID": "CVE-2022-30697",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation due to insecure folder permissions"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acronis Snap Deploy",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "3640"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "@mmg (https://hackerone.com/mmg)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 3640"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-advisory.acronis.com/advisories/SEC-3082",
"refsource": "MISC",
"url": "https://security-advisory.acronis.com/advisories/SEC-3082"
}
]
},
"source": {
"advisory": "SEC-3082",
"defect": [
"SEC-3082"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2022-30697",
"datePublished": "2022-05-16T17:20:32.585942Z",
"dateReserved": "2022-05-13T00:00:00",
"dateUpdated": "2024-09-17T01:36:27.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30696 (GCVE-0-2022-30696)
Vulnerability from nvd – Published: 2022-05-16 17:20 – Updated: 2024-09-17 00:25
VLAI?
Title
Local privilege escalation due to a DLL hijacking vulnerability
Summary
Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3640
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Snap Deploy |
Affected:
unspecified , < 3640
(custom)
|
Credits
@mmg (https://hackerone.com/mmg)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.592Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3081"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Acronis Snap Deploy",
"vendor": "Acronis",
"versions": [
{
"lessThan": "3640",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "@mmg (https://hackerone.com/mmg)"
}
],
"datePublic": "2022-05-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3640"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-16T17:20:02",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3081"
}
],
"source": {
"advisory": "SEC-3081",
"defect": [
"SEC-3081"
],
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation due to a DLL hijacking vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@acronis.com",
"DATE_PUBLIC": "2022-05-13T00:00:00.000Z",
"ID": "CVE-2022-30696",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation due to a DLL hijacking vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acronis Snap Deploy",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "3640"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "@mmg (https://hackerone.com/mmg)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3640"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-advisory.acronis.com/advisories/SEC-3081",
"refsource": "MISC",
"url": "https://security-advisory.acronis.com/advisories/SEC-3081"
}
]
},
"source": {
"advisory": "SEC-3081",
"defect": [
"SEC-3081"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2022-30696",
"datePublished": "2022-05-16T17:20:02.194777Z",
"dateReserved": "2022-05-13T00:00:00",
"dateUpdated": "2024-09-17T00:25:50.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30695 (GCVE-0-2022-30695)
Vulnerability from nvd – Published: 2022-05-16 17:19 – Updated: 2024-09-17 04:20
VLAI?
Title
Local privilege escalation due to excessive permissions assigned to child processes
Summary
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Snap Deploy |
Affected:
unspecified , < 3640
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3080"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Acronis Snap Deploy",
"vendor": "Acronis",
"versions": [
{
"lessThan": "3640",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-05-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-16T17:19:34",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3080"
}
],
"source": {
"advisory": "SEC-3080",
"defect": [
"SEC-3080"
],
"discovery": "INTERNAL"
},
"title": "Local privilege escalation due to excessive permissions assigned to child processes",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@acronis.com",
"DATE_PUBLIC": "2022-05-13T00:00:00.000Z",
"ID": "CVE-2022-30695",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation due to excessive permissions assigned to child processes"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acronis Snap Deploy",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "3640"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-advisory.acronis.com/advisories/SEC-3080",
"refsource": "MISC",
"url": "https://security-advisory.acronis.com/advisories/SEC-3080"
}
]
},
"source": {
"advisory": "SEC-3080",
"defect": [
"SEC-3080"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2022-30695",
"datePublished": "2022-05-16T17:19:34.797192Z",
"dateReserved": "2022-05-13T00:00:00",
"dateUpdated": "2024-09-17T04:20:36.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1411 (GCVE-0-2008-1411)
Vulnerability from nvd – Published: 2008-03-20 10:00 – Updated: 2024-08-07 08:24
VLAI?
Summary
The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:41.322Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/acropxe-adv.txt"
},
{
"name": "ADV-2008-0814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0814/references"
},
{
"name": "28182",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28182"
},
{
"name": "acronissnap-pxeserver-dos(41075)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41075"
},
{
"name": "20080310 Directory traversal and NULL pointer in Acronis PXE Server 2.0.0.1076",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489358/100/0/threaded"
},
{
"name": "29305",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29305"
},
{
"name": "3758",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3758"
},
{
"name": "5228",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5228"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/acropxe-adv.txt"
},
{
"name": "ADV-2008-0814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0814/references"
},
{
"name": "28182",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28182"
},
{
"name": "acronissnap-pxeserver-dos(41075)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41075"
},
{
"name": "20080310 Directory traversal and NULL pointer in Acronis PXE Server 2.0.0.1076",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489358/100/0/threaded"
},
{
"name": "29305",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29305"
},
{
"name": "3758",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3758"
},
{
"name": "5228",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5228"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.altervista.org/adv/acropxe-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/acropxe-adv.txt"
},
{
"name": "ADV-2008-0814",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0814/references"
},
{
"name": "28182",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28182"
},
{
"name": "acronissnap-pxeserver-dos(41075)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41075"
},
{
"name": "20080310 Directory traversal and NULL pointer in Acronis PXE Server 2.0.0.1076",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489358/100/0/threaded"
},
{
"name": "29305",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29305"
},
{
"name": "3758",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3758"
},
{
"name": "5228",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5228"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1411",
"datePublished": "2008-03-20T10:00:00",
"dateReserved": "2008-03-19T00:00:00",
"dateUpdated": "2024-08-07T08:24:41.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1410 (GCVE-0-2008-1410)
Vulnerability from nvd – Published: 2008-03-20 10:00 – Updated: 2024-08-07 08:24
VLAI?
Summary
Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:41.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "acronissnap-pxeserver-directory-traversal(41074)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41074"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/acropxe-adv.txt"
},
{
"name": "ADV-2008-0814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0814/references"
},
{
"name": "28182",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28182"
},
{
"name": "20080310 Directory traversal and NULL pointer in Acronis PXE Server 2.0.0.1076",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489358/100/0/threaded"
},
{
"name": "29305",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29305"
},
{
"name": "3758",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3758"
},
{
"name": "5228",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5228"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "acronissnap-pxeserver-directory-traversal(41074)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41074"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/acropxe-adv.txt"
},
{
"name": "ADV-2008-0814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0814/references"
},
{
"name": "28182",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28182"
},
{
"name": "20080310 Directory traversal and NULL pointer in Acronis PXE Server 2.0.0.1076",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489358/100/0/threaded"
},
{
"name": "29305",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29305"
},
{
"name": "3758",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3758"
},
{
"name": "5228",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5228"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1410",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "acronissnap-pxeserver-directory-traversal(41074)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41074"
},
{
"name": "http://aluigi.altervista.org/adv/acropxe-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/acropxe-adv.txt"
},
{
"name": "ADV-2008-0814",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0814/references"
},
{
"name": "28182",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28182"
},
{
"name": "20080310 Directory traversal and NULL pointer in Acronis PXE Server 2.0.0.1076",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489358/100/0/threaded"
},
{
"name": "29305",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29305"
},
{
"name": "3758",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3758"
},
{
"name": "5228",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5228"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1410",
"datePublished": "2008-03-20T10:00:00",
"dateReserved": "2008-03-19T00:00:00",
"dateUpdated": "2024-08-07T08:24:41.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}