Search criteria
66 vulnerabilities found for true_image by acronis
FKIE_CVE-2022-24114
Vulnerability from fkie_nvd - Published: 2022-02-04 23:15 - Updated: 2024-11-21 06:49
Severity ?
Summary
Local privilege escalation due to race condition on application startup. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | cyber_protect_home_office | - | |
| apple | macos | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:-:*:*:*:macos:*:*",
"matchCriteriaId": "F68614CB-28F2-4BDB-AED4-109F78838AF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_1:*:*:*:macos:*:*",
"matchCriteriaId": "54625222-9064-4111-AE35-A1691580DE55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_2:*:*:*:macos:*:*",
"matchCriteriaId": "4BF0A2D9-7DE2-4401-B501-78130DE6B458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_3:*:*:*:macos:*:*",
"matchCriteriaId": "DB19EFC5-2997-4D52-BB5A-2D42B880C621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_4:*:*:*:macos:*:*",
"matchCriteriaId": "1A9A87BC-5406-4534-9BB0-2FCDA0218FD6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:cyber_protect_home_office:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8418AF63-E280-4CE2-8E5C-DCD00ABE6557",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to race condition on application startup. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287"
},
{
"lang": "es",
"value": "Una escalada de privilegios local debido a una condici\u00f3n de carrera en el inicio de la aplicaci\u00f3n. Los siguientes productos est\u00e1n afectados: Acronis Cyber Protect Home Office (macOS) versiones anteriores a la compilaci\u00f3n 39605, Acronis True Image 2021 (macOS) versiones anteriores a la compilaci\u00f3n 39287"
}
],
"id": "CVE-2022-24114",
"lastModified": "2024-11-21T06:49:50.053",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-04T23:15:16.047",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3316"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "security@acronis.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-24115
Vulnerability from fkie_nvd - Published: 2022-02-04 23:15 - Updated: 2024-11-21 06:49
Severity ?
Summary
Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | cyber_protect_home_office | - | |
| apple | macos | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:-:*:*:*:macos:*:*",
"matchCriteriaId": "F68614CB-28F2-4BDB-AED4-109F78838AF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_1:*:*:*:macos:*:*",
"matchCriteriaId": "54625222-9064-4111-AE35-A1691580DE55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_2:*:*:*:macos:*:*",
"matchCriteriaId": "4BF0A2D9-7DE2-4401-B501-78130DE6B458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_3:*:*:*:macos:*:*",
"matchCriteriaId": "DB19EFC5-2997-4D52-BB5A-2D42B880C621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_4:*:*:*:macos:*:*",
"matchCriteriaId": "1A9A87BC-5406-4534-9BB0-2FCDA0218FD6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:cyber_protect_home_office:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8418AF63-E280-4CE2-8E5C-DCD00ABE6557",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287"
},
{
"lang": "es",
"value": "Una escalada de privilegios local debido a una carga sin restricciones de bibliotecas sin firmar. Los siguientes productos est\u00e1n afectados: Acronis Cyber Protect Home Office (macOS) versiones anteriores a la compilaci\u00f3n 39605, Acronis True Image 2021 (macOS) versiones anteriores a la compilaci\u00f3n 39287"
}
],
"id": "CVE-2022-24115",
"lastModified": "2024-11-21T06:49:50.163",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-04T23:15:16.087",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3359"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3359"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "security@acronis.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-24113
Vulnerability from fkie_nvd - Published: 2022-02-04 23:15 - Updated: 2024-11-21 06:49
Severity ?
Summary
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | agent | * | |
| acronis | cyber_protect | 15 | |
| acronis | cyber_protect | 15 | |
| acronis | cyber_protect | 15 | |
| acronis | cyber_protect_home_office | - | |
| microsoft | windows | - | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85D71339-7F19-41DC-B6D2-BF776F472EE1",
"versionEndExcluding": "c21.06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*",
"matchCriteriaId": "89899D10-1343-4276-919A-9C1DF2DB8B55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update1:*:*:*:*:*:*",
"matchCriteriaId": "A77B2499-B3A4-4278-BA0D-59AB59C60352",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update2:*:*:*:*:*:*",
"matchCriteriaId": "BAF6A576-C320-4550-B7F8-4FCAE82FB06A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_protect_home_office:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8418AF63-E280-4CE2-8E5C-DCD00ABE6557",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:-:*:*:*:windows:*:*",
"matchCriteriaId": "F7B99318-3AA5-428D-B0D7-106128BDCE78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_1:*:*:*:windows:*:*",
"matchCriteriaId": "B1CFEB0F-588B-4B88-9169-4ADB6396C1C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_2:*:*:*:windows:*:*",
"matchCriteriaId": "54BE6067-0357-4C68-AA06-CB5EEA3DD86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_3:*:*:*:windows:*:*",
"matchCriteriaId": "02D1EBBC-47EE-4C46-AA69-DD0B7DE1B173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_4:*:*:*:windows:*:*",
"matchCriteriaId": "0CF1A7BF-9B93-4D7C-BCD8-30DEF789B46B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_5:*:*:*:windows:*:*",
"matchCriteriaId": "B55B6ED7-C602-4C7B-88C5-B0499D61EB1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
},
{
"lang": "es",
"value": "Una escalada de privilegios local debido a permisos excesivos asignados a los procesos hijos. Los siguientes productos est\u00e1n afectados: Acronis Cyber Protect 15 (Windows) versiones anteriores a la compilaci\u00f3n 28035, Acronis Agent (Windows) versiones anteriores a la compilaci\u00f3n 27147, Acronis Cyber Protect Home Office (Windows) versiones anteriores a la compilaci\u00f3n 39612, Acronis True Image 2021 (Windows) versiones anteriores a la compilaci\u00f3n 39287"
}
],
"id": "CVE-2022-24113",
"lastModified": "2024-11-21T06:49:49.933",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-04T23:15:15.997",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-2881"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-2881"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-250"
}
],
"source": "security@acronis.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-44204
Vulnerability from fkie_nvd - Published: 2022-02-04 23:15 - Updated: 2024-11-21 06:30
Severity ?
Summary
Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | agent | * | |
| acronis | cyber_protect | 15 | |
| acronis | cyber_protect | 15 | |
| acronis | cyber_protect | 15 | |
| acronis | cyber_protect_home_office | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:*:*:*:*:-:*:*",
"matchCriteriaId": "7DC81A5D-044A-44EF-8695-748A63778291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_1:*:*:*:windows:*:*",
"matchCriteriaId": "B1CFEB0F-588B-4B88-9169-4ADB6396C1C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_2:*:*:*:windows:*:*",
"matchCriteriaId": "54BE6067-0357-4C68-AA06-CB5EEA3DD86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_3:*:*:*:windows:*:*",
"matchCriteriaId": "02D1EBBC-47EE-4C46-AA69-DD0B7DE1B173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_4:*:*:*:windows:*:*",
"matchCriteriaId": "0CF1A7BF-9B93-4D7C-BCD8-30DEF789B46B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_5:*:*:*:windows:*:*",
"matchCriteriaId": "B55B6ED7-C602-4C7B-88C5-B0499D61EB1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85D71339-7F19-41DC-B6D2-BF776F472EE1",
"versionEndExcluding": "c21.06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*",
"matchCriteriaId": "89899D10-1343-4276-919A-9C1DF2DB8B55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update1:*:*:*:*:*:*",
"matchCriteriaId": "A77B2499-B3A4-4278-BA0D-59AB59C60352",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update2:*:*:*:*:*:*",
"matchCriteriaId": "BAF6A576-C320-4550-B7F8-4FCAE82FB06A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_protect_home_office:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8418AF63-E280-4CE2-8E5C-DCD00ABE6557",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
},
{
"lang": "es",
"value": "Una escalada de privilegios local por medio de una tuber\u00eda con nombre debido a comprobaciones de control de acceso inapropiadas. Los siguientes productos est\u00e1n afectados: Acronis Cyber Protect 15 (Windows) versiones anteriores a la compilaci\u00f3n 28035, Acronis Agent (Windows) versiones anteriores a la compilaci\u00f3n 27147, Acronis Cyber Protect Home Office (Windows) versiones anteriores a la compilaci\u00f3n 39612, Acronis True Image 2021 (Windows) versiones anteriores a la compilaci\u00f3n 39287"
}
],
"id": "CVE-2021-44204",
"lastModified": "2024-11-21T06:30:34.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-04T23:15:12.013",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-2355"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-2355"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "security@acronis.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-44205
Vulnerability from fkie_nvd - Published: 2022-02-04 23:15 - Updated: 2024-11-21 06:30
Severity ?
Summary
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | cyber_protect_home_office | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:-:*:*:*:windows:*:*",
"matchCriteriaId": "F7B99318-3AA5-428D-B0D7-106128BDCE78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_1:*:*:*:windows:*:*",
"matchCriteriaId": "B1CFEB0F-588B-4B88-9169-4ADB6396C1C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_2:*:*:*:windows:*:*",
"matchCriteriaId": "54BE6067-0357-4C68-AA06-CB5EEA3DD86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_3:*:*:*:windows:*:*",
"matchCriteriaId": "02D1EBBC-47EE-4C46-AA69-DD0B7DE1B173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_4:*:*:*:windows:*:*",
"matchCriteriaId": "0CF1A7BF-9B93-4D7C-BCD8-30DEF789B46B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:cyber_protect_home_office:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8418AF63-E280-4CE2-8E5C-DCD00ABE6557",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
},
{
"lang": "es",
"value": "Una escalada de privilegios local debido a una vulnerabilidad de secuestro de DLL. Los siguientes productos est\u00e1n afectados: Acronis Cyber Protect Home Office (Windows) versiones anteriores a la versi\u00f3n 39612, Acronis True Image 2021 (Windows) versiones anteriores a la versi\u00f3n 39287"
}
],
"id": "CVE-2021-44205",
"lastModified": "2024-11-21T06:30:34.457",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-04T23:15:12.057",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3059"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3059"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "security@acronis.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-44206
Vulnerability from fkie_nvd - Published: 2022-02-04 23:15 - Updated: 2024-11-21 06:30
Severity ?
Summary
Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | cyber_protect_home_office | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:-:*:*:*:windows:*:*",
"matchCriteriaId": "F7B99318-3AA5-428D-B0D7-106128BDCE78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_1:*:*:*:windows:*:*",
"matchCriteriaId": "B1CFEB0F-588B-4B88-9169-4ADB6396C1C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_2:*:*:*:windows:*:*",
"matchCriteriaId": "54BE6067-0357-4C68-AA06-CB5EEA3DD86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_3:*:*:*:windows:*:*",
"matchCriteriaId": "02D1EBBC-47EE-4C46-AA69-DD0B7DE1B173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_4:*:*:*:windows:*:*",
"matchCriteriaId": "0CF1A7BF-9B93-4D7C-BCD8-30DEF789B46B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:cyber_protect_home_office:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8418AF63-E280-4CE2-8E5C-DCD00ABE6557",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
},
{
"lang": "es",
"value": "Una escalada local de privilegios debido a una vulnerabilidad de secuestro de DLL en el servicio Acronis Media Builder. Los siguientes productos est\u00e1n afectados: Acronis Cyber Protect Home Office (Windows) versiones anteriores a la compilaci\u00f3n 39612, Acronis True Image 2021 (Windows) versiones anteriores a la compilaci\u00f3n 39287"
}
],
"id": "CVE-2021-44206",
"lastModified": "2024-11-21T06:30:34.593",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-04T23:15:12.100",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3058"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "security@acronis.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-32581
Vulnerability from fkie_nvd - Published: 2021-08-05 20:15 - Updated: 2024-11-21 06:07
Severity ?
Summary
Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Image prior to 2021 Update 5 for Mac, Acronis Agent prior to build 26653, Acronis Cyber Protect prior to build 27009 did not implement SSL certificate validation.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://kb.acronis.com/content/68413 | Vendor Advisory | |
| cve@mitre.org | https://kb.acronis.com/content/68419 | Vendor Advisory | |
| cve@mitre.org | https://kb.acronis.com/content/68648 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.acronis.com/content/68413 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.acronis.com/content/68419 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.acronis.com/content/68648 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | cyber_protect_cloud | * | |
| acronis | cyber_protection_agent | * | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:cyber_protect_cloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA5ECF46-3C9C-42D1-9792-3B8A24C0EFF4",
"versionEndExcluding": "15.0.27009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:cyber_protection_agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4B327A6-59A3-4E8D-867B-BCD4482AC1D6",
"versionEndExcluding": "15.0.26653",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:-:*:*:*:macos:*:*",
"matchCriteriaId": "F68614CB-28F2-4BDB-AED4-109F78838AF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:-:*:*:*:windows:*:*",
"matchCriteriaId": "F7B99318-3AA5-428D-B0D7-106128BDCE78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_1:*:*:*:macos:*:*",
"matchCriteriaId": "54625222-9064-4111-AE35-A1691580DE55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_1:*:*:*:windows:*:*",
"matchCriteriaId": "B1CFEB0F-588B-4B88-9169-4ADB6396C1C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_2:*:*:*:macos:*:*",
"matchCriteriaId": "4BF0A2D9-7DE2-4401-B501-78130DE6B458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_2:*:*:*:windows:*:*",
"matchCriteriaId": "54BE6067-0357-4C68-AA06-CB5EEA3DD86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_3:*:*:*:macos:*:*",
"matchCriteriaId": "DB19EFC5-2997-4D52-BB5A-2D42B880C621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_3:*:*:*:windows:*:*",
"matchCriteriaId": "02D1EBBC-47EE-4C46-AA69-DD0B7DE1B173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_4:*:*:*:macos:*:*",
"matchCriteriaId": "1A9A87BC-5406-4534-9BB0-2FCDA0218FD6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Image prior to 2021 Update 5 for Mac, Acronis Agent prior to build 26653, Acronis Cyber Protect prior to build 27009 did not implement SSL certificate validation."
},
{
"lang": "es",
"value": "Acronis True Image anterior a versi\u00f3n 2021 Update 4 para Windows, Acronis True Image anterior a versi\u00f3n 2021 Update 5 para Mac, Acronis Agent anterior a la compilaci\u00f3n 26653, Acronis Cyber Protect anterior a la compilaci\u00f3n 27009, no implementaban la comprobaci\u00f3n de certificados SSL"
}
],
"id": "CVE-2021-32581",
"lastModified": "2024-11-21T06:07:19.127",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-05T20:15:09.100",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68413"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68419"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68413"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68419"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68648"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-32579
Vulnerability from fkie_nvd - Published: 2021-08-05 20:15 - Updated: 2024-11-21 06:07
Severity ?
Summary
Acronis True Image prior to 2021 Update 4 for Windows and Acronis True Image prior to 2021 Update 5 for macOS allowed an unauthenticated attacker (who has a local code execution ability) to tamper with the micro-service API.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://kb.acronis.com/content/68413 | Vendor Advisory | |
| cve@mitre.org | https://kb.acronis.com/content/68419 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.acronis.com/content/68413 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.acronis.com/content/68419 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:-:*:*:*:macos:*:*",
"matchCriteriaId": "F68614CB-28F2-4BDB-AED4-109F78838AF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:-:*:*:*:windows:*:*",
"matchCriteriaId": "F7B99318-3AA5-428D-B0D7-106128BDCE78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_1:*:*:*:macos:*:*",
"matchCriteriaId": "54625222-9064-4111-AE35-A1691580DE55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_1:*:*:*:windows:*:*",
"matchCriteriaId": "B1CFEB0F-588B-4B88-9169-4ADB6396C1C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_2:*:*:*:macos:*:*",
"matchCriteriaId": "4BF0A2D9-7DE2-4401-B501-78130DE6B458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_2:*:*:*:windows:*:*",
"matchCriteriaId": "54BE6067-0357-4C68-AA06-CB5EEA3DD86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_3:*:*:*:macos:*:*",
"matchCriteriaId": "DB19EFC5-2997-4D52-BB5A-2D42B880C621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_3:*:*:*:windows:*:*",
"matchCriteriaId": "02D1EBBC-47EE-4C46-AA69-DD0B7DE1B173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_4:*:*:*:macos:*:*",
"matchCriteriaId": "1A9A87BC-5406-4534-9BB0-2FCDA0218FD6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image prior to 2021 Update 4 for Windows and Acronis True Image prior to 2021 Update 5 for macOS allowed an unauthenticated attacker (who has a local code execution ability) to tamper with the micro-service API."
},
{
"lang": "es",
"value": "Acronis True Image anterior a versi\u00f3n 2021 Update 4 para Windows y Acronis True Image anterior a versi\u00f3n 2021 Update 5 para macOS, permit\u00edan que un atacante no autenticado (con capacidad de ejecuci\u00f3n de c\u00f3digo local) manipulara la API de microservicios"
}
],
"id": "CVE-2021-32579",
"lastModified": "2024-11-21T06:07:18.813",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-05T20:15:09.027",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68413"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68419"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68413"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68419"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-32580
Vulnerability from fkie_nvd - Published: 2021-08-05 20:15 - Updated: 2024-11-21 06:07
Severity ?
Summary
Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to DLL hijacking.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://kb.acronis.com/content/68419 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.acronis.com/content/68419 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:-:*:*:*:windows:*:*",
"matchCriteriaId": "F7B99318-3AA5-428D-B0D7-106128BDCE78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_1:*:*:*:windows:*:*",
"matchCriteriaId": "B1CFEB0F-588B-4B88-9169-4ADB6396C1C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_2:*:*:*:windows:*:*",
"matchCriteriaId": "54BE6067-0357-4C68-AA06-CB5EEA3DD86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_3:*:*:*:windows:*:*",
"matchCriteriaId": "02D1EBBC-47EE-4C46-AA69-DD0B7DE1B173",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to DLL hijacking."
},
{
"lang": "es",
"value": "Acronis True Image anterior a versi\u00f3n 2021 Update 4 para Windows, permit\u00eda la escalada de privilegios local debido al secuestro de DLL"
}
],
"id": "CVE-2021-32580",
"lastModified": "2024-11-21T06:07:18.973",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-05T20:15:09.063",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68419"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68419"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-32578
Vulnerability from fkie_nvd - Published: 2021-08-05 20:15 - Updated: 2024-11-21 06:07
Severity ?
Summary
Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 2 of 2).
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://kb.acronis.com/content/68419 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.acronis.com/content/68419 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:-:*:*:*:windows:*:*",
"matchCriteriaId": "F7B99318-3AA5-428D-B0D7-106128BDCE78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_1:*:*:*:windows:*:*",
"matchCriteriaId": "B1CFEB0F-588B-4B88-9169-4ADB6396C1C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_2:*:*:*:windows:*:*",
"matchCriteriaId": "54BE6067-0357-4C68-AA06-CB5EEA3DD86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_3:*:*:*:windows:*:*",
"matchCriteriaId": "02D1EBBC-47EE-4C46-AA69-DD0B7DE1B173",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 2 of 2)."
},
{
"lang": "es",
"value": "Acronis True Image anterior a versi\u00f3n 2021 Update 4 para Windows permit\u00eda la escalada de privilegios local debido a la administraci\u00f3n inapropiada de enlaces blandos (problema 2 de 2)"
}
],
"id": "CVE-2021-32578",
"lastModified": "2024-11-21T06:07:18.677",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-05T20:15:08.980",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68419"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68419"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-610"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-32576
Vulnerability from fkie_nvd - Published: 2021-08-05 20:15 - Updated: 2024-11-21 06:07
Severity ?
Summary
Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 1 of 2).
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://kb.acronis.com/content/68419 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.acronis.com/content/68419 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:-:*:*:*:windows:*:*",
"matchCriteriaId": "F7B99318-3AA5-428D-B0D7-106128BDCE78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_1:*:*:*:windows:*:*",
"matchCriteriaId": "B1CFEB0F-588B-4B88-9169-4ADB6396C1C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_2:*:*:*:windows:*:*",
"matchCriteriaId": "54BE6067-0357-4C68-AA06-CB5EEA3DD86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_3:*:*:*:windows:*:*",
"matchCriteriaId": "02D1EBBC-47EE-4C46-AA69-DD0B7DE1B173",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 1 of 2)."
},
{
"lang": "es",
"value": "Acronis True Image anterior a versi\u00f3n 2021 Update 4 para Windows permit\u00eda la escalada de privilegios local debido a la administraci\u00f3n inapropiada de enlaces blandos (problema 1 de 2)"
}
],
"id": "CVE-2021-32576",
"lastModified": "2024-11-21T06:07:18.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-05T20:15:08.907",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68419"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68419"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-610"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-32577
Vulnerability from fkie_nvd - Published: 2021-08-05 20:15 - Updated: 2024-11-21 06:07
Severity ?
Summary
Acronis True Image prior to 2021 Update 5 for Windows allowed local privilege escalation due to insecure folder permissions.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://kb.acronis.com/content/68413 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.acronis.com/content/68413 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 | |
| acronis | true_image | 2021 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:-:*:*:*:windows:*:*",
"matchCriteriaId": "F7B99318-3AA5-428D-B0D7-106128BDCE78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_1:*:*:*:windows:*:*",
"matchCriteriaId": "B1CFEB0F-588B-4B88-9169-4ADB6396C1C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_2:*:*:*:windows:*:*",
"matchCriteriaId": "54BE6067-0357-4C68-AA06-CB5EEA3DD86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_3:*:*:*:windows:*:*",
"matchCriteriaId": "02D1EBBC-47EE-4C46-AA69-DD0B7DE1B173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:true_image:2021:update_4:*:*:*:windows:*:*",
"matchCriteriaId": "0CF1A7BF-9B93-4D7C-BCD8-30DEF789B46B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image prior to 2021 Update 5 for Windows allowed local privilege escalation due to insecure folder permissions."
},
{
"lang": "es",
"value": "Acronis True Image anterior a versi\u00f3n 2021 Update 5 para Windows permit\u00eda la escalada de privilegios local debido a los permisos no seguros de las carpetas"
}
],
"id": "CVE-2021-32577",
"lastModified": "2024-11-21T06:07:18.527",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-05T20:15:08.943",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68413"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.acronis.com/content/68413"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-44204 (GCVE-0-2021-44204)
Vulnerability from cvelistv5 – Published: 2022-02-04 22:29 – Updated: 2024-09-17 01:12
VLAI?
Title
Local privilege escalation via named pipe due to improper access control checks
Summary
Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Acronis | Acronis Cyber Protect 15 |
Affected:
unspecified , < 28035
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
@xnand (https://hackerone.com/xnand)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:17:24.863Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-2355"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Acronis Cyber Protect 15",
"vendor": "Acronis",
"versions": [
{
"lessThan": "28035",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "Acronis Agent",
"vendor": "Acronis",
"versions": [
{
"lessThan": "27147",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "Acronis Cyber Protect Home Office",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39612",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "Acronis True Image 2021",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39287",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "@xnand (https://hackerone.com/xnand)"
}
],
"datePublic": "2022-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:29:33",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-2355"
}
],
"source": {
"advisory": "SEC-2355",
"defect": [
"SEC-2355"
],
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation via named pipe due to improper access control checks",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@acronis.com",
"DATE_PUBLIC": "2022-02-02T00:00:00.000Z",
"ID": "CVE-2021-44204",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation via named pipe due to improper access control checks"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acronis Cyber Protect 15",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "28035"
}
]
}
},
{
"product_name": "Acronis Agent",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "27147"
}
]
}
},
{
"product_name": "Acronis Cyber Protect Home Office",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "39612"
}
]
}
},
{
"product_name": "Acronis True Image 2021",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "39287"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "@xnand (https://hackerone.com/xnand)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-advisory.acronis.com/advisories/SEC-2355",
"refsource": "MISC",
"url": "https://security-advisory.acronis.com/advisories/SEC-2355"
}
]
},
"source": {
"advisory": "SEC-2355",
"defect": [
"SEC-2355"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2021-44204",
"datePublished": "2022-02-04T22:29:33.071413Z",
"dateReserved": "2021-11-24T00:00:00",
"dateUpdated": "2024-09-17T01:12:21.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44206 (GCVE-0-2021-44206)
Vulnerability from cvelistv5 – Published: 2022-02-04 22:29 – Updated: 2024-09-16 22:45
VLAI?
Title
Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service
Summary
Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Acronis | Acronis Cyber Protect Home Office |
Affected:
unspecified , < 39612
(custom)
|
|||||||
|
|||||||||
Credits
@xdanes09 (https://hackerone.com/xdanes09)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:17:24.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3058"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Acronis Cyber Protect Home Office",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39612",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "Acronis True Image 2021",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39287",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "@xdanes09 (https://hackerone.com/xdanes09)"
}
],
"datePublic": "2022-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:29:33",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3058"
}
],
"source": {
"advisory": "SEC-3058",
"defect": [
"SEC-3058"
],
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@acronis.com",
"DATE_PUBLIC": "2022-02-02T00:00:00.000Z",
"ID": "CVE-2021-44206",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acronis Cyber Protect Home Office",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "39612"
}
]
}
},
{
"product_name": "Acronis True Image 2021",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "39287"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "@xdanes09 (https://hackerone.com/xdanes09)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-advisory.acronis.com/advisories/SEC-3058",
"refsource": "MISC",
"url": "https://security-advisory.acronis.com/advisories/SEC-3058"
}
]
},
"source": {
"advisory": "SEC-3058",
"defect": [
"SEC-3058"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2021-44206",
"datePublished": "2022-02-04T22:29:33.897481Z",
"dateReserved": "2021-11-24T00:00:00",
"dateUpdated": "2024-09-16T22:45:14.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24114 (GCVE-0-2022-24114)
Vulnerability from cvelistv5 – Published: 2022-02-04 22:29 – Updated: 2024-09-17 03:07
VLAI?
Title
Local privilege escalation due to race condition on application startup
Summary
Local privilege escalation due to race condition on application startup. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Acronis | Acronis Cyber Protect Home Office |
Affected:
unspecified , < 39605
(custom)
|
|||||||
|
|||||||||
Credits
@vkas-afk (https://hackerone.com/vkas-afk)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3316"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"macOS"
],
"product": "Acronis Cyber Protect Home Office",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39605",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"macOS"
],
"product": "Acronis True Image 2021",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39287",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "@vkas-afk (https://hackerone.com/vkas-afk)"
}
],
"datePublic": "2022-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to race condition on application startup. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:29:32",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3316"
}
],
"source": {
"advisory": "SEC-3316",
"defect": [
"SEC-3316"
],
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation due to race condition on application startup",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@acronis.com",
"DATE_PUBLIC": "2022-02-02T00:00:00.000Z",
"ID": "CVE-2022-24114",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation due to race condition on application startup"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acronis Cyber Protect Home Office",
"version": {
"version_data": [
{
"platform": "macOS",
"version_affected": "\u003c",
"version_value": "39605"
}
]
}
},
{
"product_name": "Acronis True Image 2021",
"version": {
"version_data": [
{
"platform": "macOS",
"version_affected": "\u003c",
"version_value": "39287"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "@vkas-afk (https://hackerone.com/vkas-afk)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation due to race condition on application startup. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-advisory.acronis.com/advisories/SEC-3316",
"refsource": "MISC",
"url": "https://security-advisory.acronis.com/advisories/SEC-3316"
}
]
},
"source": {
"advisory": "SEC-3316",
"defect": [
"SEC-3316"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2022-24114",
"datePublished": "2022-02-04T22:29:32.323632Z",
"dateReserved": "2022-01-28T00:00:00",
"dateUpdated": "2024-09-17T03:07:25.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44205 (GCVE-0-2021-44205)
Vulnerability from cvelistv5 – Published: 2022-02-04 22:29 – Updated: 2024-09-17 01:36
VLAI?
Title
Local privilege escalation due to DLL hijacking vulnerability
Summary
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Acronis | Acronis Cyber Protect Home Office |
Affected:
unspecified , < 39612
(custom)
|
|||||||
|
|||||||||
Credits
@xdanes09 (https://hackerone.com/xdanes09)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:17:24.843Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Acronis Cyber Protect Home Office",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39612",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "Acronis True Image 2021",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39287",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "@xdanes09 (https://hackerone.com/xdanes09)"
}
],
"datePublic": "2022-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:29:31",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3059"
}
],
"source": {
"advisory": "SEC-3059",
"defect": [
"SEC-3059"
],
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation due to DLL hijacking vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@acronis.com",
"DATE_PUBLIC": "2022-02-02T00:00:00.000Z",
"ID": "CVE-2021-44205",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation due to DLL hijacking vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acronis Cyber Protect Home Office",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "39612"
}
]
}
},
{
"product_name": "Acronis True Image 2021",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "39287"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "@xdanes09 (https://hackerone.com/xdanes09)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-advisory.acronis.com/advisories/SEC-3059",
"refsource": "MISC",
"url": "https://security-advisory.acronis.com/advisories/SEC-3059"
}
]
},
"source": {
"advisory": "SEC-3059",
"defect": [
"SEC-3059"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2021-44205",
"datePublished": "2022-02-04T22:29:31.627056Z",
"dateReserved": "2021-11-24T00:00:00",
"dateUpdated": "2024-09-17T01:36:39.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24113 (GCVE-0-2022-24113)
Vulnerability from cvelistv5 – Published: 2022-02-04 22:29 – Updated: 2024-09-16 19:57
VLAI?
Title
Local privilege escalation due to excessive permissions assigned to child processes
Summary
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Acronis | Acronis Cyber Protect 15 |
Affected:
unspecified , < 28035
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
@penrose (https://hackerone.com/penrose)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-2881"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Acronis Cyber Protect 15",
"vendor": "Acronis",
"versions": [
{
"lessThan": "28035",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "Acronis Agent",
"vendor": "Acronis",
"versions": [
{
"lessThan": "27147",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "Acronis Cyber Protect Home Office",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39612",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "Acronis True Image 2021",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39287",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "@penrose (https://hackerone.com/penrose)"
}
],
"datePublic": "2022-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:29:30",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-2881"
}
],
"source": {
"advisory": "SEC-2881",
"defect": [
"SEC-2881"
],
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation due to excessive permissions assigned to child processes",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@acronis.com",
"DATE_PUBLIC": "2022-02-02T00:00:00.000Z",
"ID": "CVE-2022-24113",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation due to excessive permissions assigned to child processes"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acronis Cyber Protect 15",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "28035"
}
]
}
},
{
"product_name": "Acronis Agent",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "27147"
}
]
}
},
{
"product_name": "Acronis Cyber Protect Home Office",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "39612"
}
]
}
},
{
"product_name": "Acronis True Image 2021",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "39287"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "@penrose (https://hackerone.com/penrose)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-advisory.acronis.com/advisories/SEC-2881",
"refsource": "MISC",
"url": "https://security-advisory.acronis.com/advisories/SEC-2881"
}
]
},
"source": {
"advisory": "SEC-2881",
"defect": [
"SEC-2881"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2022-24113",
"datePublished": "2022-02-04T22:29:30.215128Z",
"dateReserved": "2022-01-28T00:00:00",
"dateUpdated": "2024-09-16T19:57:01.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24115 (GCVE-0-2022-24115)
Vulnerability from cvelistv5 – Published: 2022-02-04 22:29 – Updated: 2024-09-16 16:52
VLAI?
Title
Local privilege escalation due to unrestricted loading of unsigned libraries
Summary
Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Acronis | Acronis Cyber Protect Home Office |
Affected:
unspecified , < 39605
(custom)
|
|||||||
|
|||||||||
Credits
@vkas-afk (https://hackerone.com/vkas-afk)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3359"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"macOS"
],
"product": "Acronis Cyber Protect Home Office",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39605",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"macOS"
],
"product": "Acronis True Image 2021",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39287",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "@vkas-afk (https://hackerone.com/vkas-afk)"
}
],
"datePublic": "2022-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:29:30",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3359"
}
],
"source": {
"advisory": "SEC-3359",
"defect": [
"SEC-3359"
],
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation due to unrestricted loading of unsigned libraries",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@acronis.com",
"DATE_PUBLIC": "2022-02-02T00:00:00.000Z",
"ID": "CVE-2022-24115",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation due to unrestricted loading of unsigned libraries"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acronis Cyber Protect Home Office",
"version": {
"version_data": [
{
"platform": "macOS",
"version_affected": "\u003c",
"version_value": "39605"
}
]
}
},
{
"product_name": "Acronis True Image 2021",
"version": {
"version_data": [
{
"platform": "macOS",
"version_affected": "\u003c",
"version_value": "39287"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "@vkas-afk (https://hackerone.com/vkas-afk)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-advisory.acronis.com/advisories/SEC-3359",
"refsource": "MISC",
"url": "https://security-advisory.acronis.com/advisories/SEC-3359"
}
]
},
"source": {
"advisory": "SEC-3359",
"defect": [
"SEC-3359"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2022-24115",
"datePublished": "2022-02-04T22:29:30.925782Z",
"dateReserved": "2022-01-28T00:00:00",
"dateUpdated": "2024-09-16T16:52:37.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32577 (GCVE-0-2021-32577)
Vulnerability from cvelistv5 – Published: 2021-08-05 19:21 – Updated: 2024-08-03 23:25
VLAI?
Summary
Acronis True Image prior to 2021 Update 5 for Windows allowed local privilege escalation due to insecure folder permissions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:29.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.acronis.com/content/68413"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image prior to 2021 Update 5 for Windows allowed local privilege escalation due to insecure folder permissions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-05T19:21:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.acronis.com/content/68413"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-32577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Acronis True Image prior to 2021 Update 5 for Windows allowed local privilege escalation due to insecure folder permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.acronis.com/content/68413",
"refsource": "MISC",
"url": "https://kb.acronis.com/content/68413"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-32577",
"datePublished": "2021-08-05T19:21:04",
"dateReserved": "2021-05-11T00:00:00",
"dateUpdated": "2024-08-03T23:25:29.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32581 (GCVE-0-2021-32581)
Vulnerability from cvelistv5 – Published: 2021-08-05 19:19 – Updated: 2024-08-03 23:25
VLAI?
Summary
Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Image prior to 2021 Update 5 for Mac, Acronis Agent prior to build 26653, Acronis Cyber Protect prior to build 27009 did not implement SSL certificate validation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:30.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.acronis.com/content/68419"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.acronis.com/content/68413"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.acronis.com/content/68648"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Image prior to 2021 Update 5 for Mac, Acronis Agent prior to build 26653, Acronis Cyber Protect prior to build 27009 did not implement SSL certificate validation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-05T19:19:41",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.acronis.com/content/68419"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.acronis.com/content/68413"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.acronis.com/content/68648"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-32581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Image prior to 2021 Update 5 for Mac, Acronis Agent prior to build 26653, Acronis Cyber Protect prior to build 27009 did not implement SSL certificate validation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.acronis.com/content/68419",
"refsource": "MISC",
"url": "https://kb.acronis.com/content/68419"
},
{
"name": "https://kb.acronis.com/content/68413",
"refsource": "MISC",
"url": "https://kb.acronis.com/content/68413"
},
{
"name": "https://kb.acronis.com/content/68648",
"refsource": "MISC",
"url": "https://kb.acronis.com/content/68648"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-32581",
"datePublished": "2021-08-05T19:19:41",
"dateReserved": "2021-05-11T00:00:00",
"dateUpdated": "2024-08-03T23:25:30.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32578 (GCVE-0-2021-32578)
Vulnerability from cvelistv5 – Published: 2021-08-05 19:16 – Updated: 2024-08-03 23:25
VLAI?
Summary
Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 2 of 2).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:30.317Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.acronis.com/content/68419"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 2 of 2)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-05T19:16:41",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.acronis.com/content/68419"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-32578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 2 of 2)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.acronis.com/content/68419",
"refsource": "MISC",
"url": "https://kb.acronis.com/content/68419"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-32578",
"datePublished": "2021-08-05T19:16:41",
"dateReserved": "2021-05-11T00:00:00",
"dateUpdated": "2024-08-03T23:25:30.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44204 (GCVE-0-2021-44204)
Vulnerability from nvd – Published: 2022-02-04 22:29 – Updated: 2024-09-17 01:12
VLAI?
Title
Local privilege escalation via named pipe due to improper access control checks
Summary
Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Acronis | Acronis Cyber Protect 15 |
Affected:
unspecified , < 28035
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
@xnand (https://hackerone.com/xnand)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:17:24.863Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-2355"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Acronis Cyber Protect 15",
"vendor": "Acronis",
"versions": [
{
"lessThan": "28035",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "Acronis Agent",
"vendor": "Acronis",
"versions": [
{
"lessThan": "27147",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "Acronis Cyber Protect Home Office",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39612",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "Acronis True Image 2021",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39287",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "@xnand (https://hackerone.com/xnand)"
}
],
"datePublic": "2022-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:29:33",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-2355"
}
],
"source": {
"advisory": "SEC-2355",
"defect": [
"SEC-2355"
],
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation via named pipe due to improper access control checks",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@acronis.com",
"DATE_PUBLIC": "2022-02-02T00:00:00.000Z",
"ID": "CVE-2021-44204",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation via named pipe due to improper access control checks"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acronis Cyber Protect 15",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "28035"
}
]
}
},
{
"product_name": "Acronis Agent",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "27147"
}
]
}
},
{
"product_name": "Acronis Cyber Protect Home Office",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "39612"
}
]
}
},
{
"product_name": "Acronis True Image 2021",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "39287"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "@xnand (https://hackerone.com/xnand)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-advisory.acronis.com/advisories/SEC-2355",
"refsource": "MISC",
"url": "https://security-advisory.acronis.com/advisories/SEC-2355"
}
]
},
"source": {
"advisory": "SEC-2355",
"defect": [
"SEC-2355"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2021-44204",
"datePublished": "2022-02-04T22:29:33.071413Z",
"dateReserved": "2021-11-24T00:00:00",
"dateUpdated": "2024-09-17T01:12:21.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44206 (GCVE-0-2021-44206)
Vulnerability from nvd – Published: 2022-02-04 22:29 – Updated: 2024-09-16 22:45
VLAI?
Title
Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service
Summary
Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Acronis | Acronis Cyber Protect Home Office |
Affected:
unspecified , < 39612
(custom)
|
|||||||
|
|||||||||
Credits
@xdanes09 (https://hackerone.com/xdanes09)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:17:24.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3058"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Acronis Cyber Protect Home Office",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39612",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "Acronis True Image 2021",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39287",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "@xdanes09 (https://hackerone.com/xdanes09)"
}
],
"datePublic": "2022-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:29:33",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3058"
}
],
"source": {
"advisory": "SEC-3058",
"defect": [
"SEC-3058"
],
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@acronis.com",
"DATE_PUBLIC": "2022-02-02T00:00:00.000Z",
"ID": "CVE-2021-44206",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acronis Cyber Protect Home Office",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "39612"
}
]
}
},
{
"product_name": "Acronis True Image 2021",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "39287"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "@xdanes09 (https://hackerone.com/xdanes09)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-advisory.acronis.com/advisories/SEC-3058",
"refsource": "MISC",
"url": "https://security-advisory.acronis.com/advisories/SEC-3058"
}
]
},
"source": {
"advisory": "SEC-3058",
"defect": [
"SEC-3058"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2021-44206",
"datePublished": "2022-02-04T22:29:33.897481Z",
"dateReserved": "2021-11-24T00:00:00",
"dateUpdated": "2024-09-16T22:45:14.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24114 (GCVE-0-2022-24114)
Vulnerability from nvd – Published: 2022-02-04 22:29 – Updated: 2024-09-17 03:07
VLAI?
Title
Local privilege escalation due to race condition on application startup
Summary
Local privilege escalation due to race condition on application startup. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Acronis | Acronis Cyber Protect Home Office |
Affected:
unspecified , < 39605
(custom)
|
|||||||
|
|||||||||
Credits
@vkas-afk (https://hackerone.com/vkas-afk)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3316"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"macOS"
],
"product": "Acronis Cyber Protect Home Office",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39605",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"macOS"
],
"product": "Acronis True Image 2021",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39287",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "@vkas-afk (https://hackerone.com/vkas-afk)"
}
],
"datePublic": "2022-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to race condition on application startup. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:29:32",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3316"
}
],
"source": {
"advisory": "SEC-3316",
"defect": [
"SEC-3316"
],
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation due to race condition on application startup",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@acronis.com",
"DATE_PUBLIC": "2022-02-02T00:00:00.000Z",
"ID": "CVE-2022-24114",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation due to race condition on application startup"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acronis Cyber Protect Home Office",
"version": {
"version_data": [
{
"platform": "macOS",
"version_affected": "\u003c",
"version_value": "39605"
}
]
}
},
{
"product_name": "Acronis True Image 2021",
"version": {
"version_data": [
{
"platform": "macOS",
"version_affected": "\u003c",
"version_value": "39287"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "@vkas-afk (https://hackerone.com/vkas-afk)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation due to race condition on application startup. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-advisory.acronis.com/advisories/SEC-3316",
"refsource": "MISC",
"url": "https://security-advisory.acronis.com/advisories/SEC-3316"
}
]
},
"source": {
"advisory": "SEC-3316",
"defect": [
"SEC-3316"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2022-24114",
"datePublished": "2022-02-04T22:29:32.323632Z",
"dateReserved": "2022-01-28T00:00:00",
"dateUpdated": "2024-09-17T03:07:25.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44205 (GCVE-0-2021-44205)
Vulnerability from nvd – Published: 2022-02-04 22:29 – Updated: 2024-09-17 01:36
VLAI?
Title
Local privilege escalation due to DLL hijacking vulnerability
Summary
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Acronis | Acronis Cyber Protect Home Office |
Affected:
unspecified , < 39612
(custom)
|
|||||||
|
|||||||||
Credits
@xdanes09 (https://hackerone.com/xdanes09)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:17:24.843Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Acronis Cyber Protect Home Office",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39612",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "Acronis True Image 2021",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39287",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "@xdanes09 (https://hackerone.com/xdanes09)"
}
],
"datePublic": "2022-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:29:31",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3059"
}
],
"source": {
"advisory": "SEC-3059",
"defect": [
"SEC-3059"
],
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation due to DLL hijacking vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@acronis.com",
"DATE_PUBLIC": "2022-02-02T00:00:00.000Z",
"ID": "CVE-2021-44205",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation due to DLL hijacking vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acronis Cyber Protect Home Office",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "39612"
}
]
}
},
{
"product_name": "Acronis True Image 2021",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "39287"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "@xdanes09 (https://hackerone.com/xdanes09)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-advisory.acronis.com/advisories/SEC-3059",
"refsource": "MISC",
"url": "https://security-advisory.acronis.com/advisories/SEC-3059"
}
]
},
"source": {
"advisory": "SEC-3059",
"defect": [
"SEC-3059"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2021-44205",
"datePublished": "2022-02-04T22:29:31.627056Z",
"dateReserved": "2021-11-24T00:00:00",
"dateUpdated": "2024-09-17T01:36:39.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24113 (GCVE-0-2022-24113)
Vulnerability from nvd – Published: 2022-02-04 22:29 – Updated: 2024-09-16 19:57
VLAI?
Title
Local privilege escalation due to excessive permissions assigned to child processes
Summary
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Acronis | Acronis Cyber Protect 15 |
Affected:
unspecified , < 28035
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
@penrose (https://hackerone.com/penrose)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-2881"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Acronis Cyber Protect 15",
"vendor": "Acronis",
"versions": [
{
"lessThan": "28035",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "Acronis Agent",
"vendor": "Acronis",
"versions": [
{
"lessThan": "27147",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "Acronis Cyber Protect Home Office",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39612",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "Acronis True Image 2021",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39287",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "@penrose (https://hackerone.com/penrose)"
}
],
"datePublic": "2022-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:29:30",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-2881"
}
],
"source": {
"advisory": "SEC-2881",
"defect": [
"SEC-2881"
],
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation due to excessive permissions assigned to child processes",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@acronis.com",
"DATE_PUBLIC": "2022-02-02T00:00:00.000Z",
"ID": "CVE-2022-24113",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation due to excessive permissions assigned to child processes"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acronis Cyber Protect 15",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "28035"
}
]
}
},
{
"product_name": "Acronis Agent",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "27147"
}
]
}
},
{
"product_name": "Acronis Cyber Protect Home Office",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "39612"
}
]
}
},
{
"product_name": "Acronis True Image 2021",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "39287"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "@penrose (https://hackerone.com/penrose)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-advisory.acronis.com/advisories/SEC-2881",
"refsource": "MISC",
"url": "https://security-advisory.acronis.com/advisories/SEC-2881"
}
]
},
"source": {
"advisory": "SEC-2881",
"defect": [
"SEC-2881"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2022-24113",
"datePublished": "2022-02-04T22:29:30.215128Z",
"dateReserved": "2022-01-28T00:00:00",
"dateUpdated": "2024-09-16T19:57:01.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24115 (GCVE-0-2022-24115)
Vulnerability from nvd – Published: 2022-02-04 22:29 – Updated: 2024-09-16 16:52
VLAI?
Title
Local privilege escalation due to unrestricted loading of unsigned libraries
Summary
Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Acronis | Acronis Cyber Protect Home Office |
Affected:
unspecified , < 39605
(custom)
|
|||||||
|
|||||||||
Credits
@vkas-afk (https://hackerone.com/vkas-afk)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3359"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"macOS"
],
"product": "Acronis Cyber Protect Home Office",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39605",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"macOS"
],
"product": "Acronis True Image 2021",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39287",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "@vkas-afk (https://hackerone.com/vkas-afk)"
}
],
"datePublic": "2022-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:29:30",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3359"
}
],
"source": {
"advisory": "SEC-3359",
"defect": [
"SEC-3359"
],
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation due to unrestricted loading of unsigned libraries",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@acronis.com",
"DATE_PUBLIC": "2022-02-02T00:00:00.000Z",
"ID": "CVE-2022-24115",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation due to unrestricted loading of unsigned libraries"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acronis Cyber Protect Home Office",
"version": {
"version_data": [
{
"platform": "macOS",
"version_affected": "\u003c",
"version_value": "39605"
}
]
}
},
{
"product_name": "Acronis True Image 2021",
"version": {
"version_data": [
{
"platform": "macOS",
"version_affected": "\u003c",
"version_value": "39287"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "@vkas-afk (https://hackerone.com/vkas-afk)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-advisory.acronis.com/advisories/SEC-3359",
"refsource": "MISC",
"url": "https://security-advisory.acronis.com/advisories/SEC-3359"
}
]
},
"source": {
"advisory": "SEC-3359",
"defect": [
"SEC-3359"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2022-24115",
"datePublished": "2022-02-04T22:29:30.925782Z",
"dateReserved": "2022-01-28T00:00:00",
"dateUpdated": "2024-09-16T16:52:37.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32577 (GCVE-0-2021-32577)
Vulnerability from nvd – Published: 2021-08-05 19:21 – Updated: 2024-08-03 23:25
VLAI?
Summary
Acronis True Image prior to 2021 Update 5 for Windows allowed local privilege escalation due to insecure folder permissions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:29.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.acronis.com/content/68413"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image prior to 2021 Update 5 for Windows allowed local privilege escalation due to insecure folder permissions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-05T19:21:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.acronis.com/content/68413"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-32577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Acronis True Image prior to 2021 Update 5 for Windows allowed local privilege escalation due to insecure folder permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.acronis.com/content/68413",
"refsource": "MISC",
"url": "https://kb.acronis.com/content/68413"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-32577",
"datePublished": "2021-08-05T19:21:04",
"dateReserved": "2021-05-11T00:00:00",
"dateUpdated": "2024-08-03T23:25:29.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32581 (GCVE-0-2021-32581)
Vulnerability from nvd – Published: 2021-08-05 19:19 – Updated: 2024-08-03 23:25
VLAI?
Summary
Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Image prior to 2021 Update 5 for Mac, Acronis Agent prior to build 26653, Acronis Cyber Protect prior to build 27009 did not implement SSL certificate validation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:30.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.acronis.com/content/68419"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.acronis.com/content/68413"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.acronis.com/content/68648"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Image prior to 2021 Update 5 for Mac, Acronis Agent prior to build 26653, Acronis Cyber Protect prior to build 27009 did not implement SSL certificate validation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-05T19:19:41",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.acronis.com/content/68419"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.acronis.com/content/68413"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.acronis.com/content/68648"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-32581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Image prior to 2021 Update 5 for Mac, Acronis Agent prior to build 26653, Acronis Cyber Protect prior to build 27009 did not implement SSL certificate validation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.acronis.com/content/68419",
"refsource": "MISC",
"url": "https://kb.acronis.com/content/68419"
},
{
"name": "https://kb.acronis.com/content/68413",
"refsource": "MISC",
"url": "https://kb.acronis.com/content/68413"
},
{
"name": "https://kb.acronis.com/content/68648",
"refsource": "MISC",
"url": "https://kb.acronis.com/content/68648"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-32581",
"datePublished": "2021-08-05T19:19:41",
"dateReserved": "2021-05-11T00:00:00",
"dateUpdated": "2024-08-03T23:25:30.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32578 (GCVE-0-2021-32578)
Vulnerability from nvd – Published: 2021-08-05 19:16 – Updated: 2024-08-03 23:25
VLAI?
Summary
Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 2 of 2).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:30.317Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.acronis.com/content/68419"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 2 of 2)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-05T19:16:41",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.acronis.com/content/68419"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-32578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 2 of 2)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.acronis.com/content/68419",
"refsource": "MISC",
"url": "https://kb.acronis.com/content/68419"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-32578",
"datePublished": "2021-08-05T19:16:41",
"dateReserved": "2021-05-11T00:00:00",
"dateUpdated": "2024-08-03T23:25:30.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}