Vulnerabilities related to acronis - cyber_backup
CVE-2020-10138 (GCVE-0-2020-10138)
Vulnerability from cvelistv5
Published
2020-10-21 13:40
Modified
2024-08-04 10:50
CWE
- CWE-284 - Improper Access Control
Summary
Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.
References
► | URL | Tags | |||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
► | Acronis | Cyber Backup |
Version: 12.5 < 16363 |
||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T10:50:57.887Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.kb.cert.org/vuls/id/114757" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cyber Backup", "vendor": "Acronis", "versions": [ { "lessThan": "16363", "status": "affected", "version": "12.5", "versionType": "custom" } ] }, { "product": "Cyber Protect", "vendor": "Acronis", "versions": [ { "lessThan": "24600", "status": "affected", "version": "15", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Will Dormann" } ], "descriptions": [ { "lang": "en", "value": "Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\\jenkins_agent\\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-21T13:40:18", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.kb.cert.org/vuls/id/114757" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2020-10138", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cyber Backup", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "12.5", "version_value": "16363" } ] } }, { "product_name": "Cyber Protect", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "15", "version_value": "24600" } ] } } ] }, "vendor_name": "Acronis" } ] } }, "credit": [ { "lang": "eng", "value": "Will Dormann" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\\jenkins_agent\\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. 
Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-284 Improper Access Control" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.kb.cert.org/vuls/id/114757", "refsource": "MISC", "url": "https://www.kb.cert.org/vuls/id/114757" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2020-10138", "datePublished": "2020-10-21T13:40:18", "dateReserved": "2020-03-05T00:00:00", "dateUpdated": "2024-08-04T10:50:57.887Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-3405 (GCVE-0-2022-3405)
Vulnerability from cvelistv5
Published
2023-05-03 10:49
Modified
2025-02-03 18:23
CWE
- CWE-269
Summary
Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.
References
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
► | Acronis | Acronis Cyber Protect 15 |
Version: unspecified < 29486 |
||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:07:06.478Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SEC-4092", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security-advisory.acronis.com/advisories/SEC-4092" }, { "name": "Authentication Bypass with subsequent Remote Command Execution in Acronis Cyber Protect", "tags": [ "x_transferred" ], "url": "https://herolab.usd.de/security-advisories/usd-2022-0008/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-3405", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-03T18:23:29.274084Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-03T18:23:43.444Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows", "Linux" ], "product": "Acronis Cyber Protect 15", "vendor": "Acronis", "versions": [ { "lessThan": "29486", "status": "affected", "version": "unspecified", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Windows", "Linux" ], "product": "Acronis Cyber Backup 12.5", "vendor": "Acronis", "versions": [ { "lessThan": "16545", "status": "affected", "version": "unspecified", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Sandro Tolksdorf of usd AG (https://herolab.usd.de)" }, { "lang": "en", "type": "finder", "value": "@boldglum (https://hackerone.com/boldglum)" } ], "descriptions": [ { "lang": "en", "value": "Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. 
The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545." } ], "metrics": [ { "cvssV3_0": { "baseScore": 9.3, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.0" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T10:50:39.541Z", "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "shortName": "Acronis" }, "references": [ { "name": "SEC-4092", "tags": [ "vendor-advisory" ], "url": "https://security-advisory.acronis.com/advisories/SEC-4092" }, { "name": "Authentication Bypass with subsequent Remote Command Execution in Acronis Cyber Protect", "url": "https://herolab.usd.de/security-advisories/usd-2022-0008/" } ] } }, "cveMetadata": { "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "assignerShortName": "Acronis", "cveId": "CVE-2022-3405", "datePublished": "2023-05-03T10:49:47.642Z", "dateReserved": "2022-10-03T16:34:25.515Z", "dateUpdated": "2025-02-03T18:23:43.444Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-30995 (GCVE-0-2022-30995)
Vulnerability from cvelistv5
Published
2023-05-03 10:50
Modified
2025-01-30 15:19
CWE
- CWE-287
Summary
Sensitive information disclosure due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.
References
► | URL | Tags | |||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
► | Acronis | Acronis Cyber Protect 15 |
Version: unspecified < 29486 |
||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:03:40.283Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SEC-3855", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security-advisory.acronis.com/advisories/SEC-3855" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-30995", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-30T15:19:22.624037Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-30T15:19:32.564Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows", "Linux" ], "product": "Acronis Cyber Protect 15", "vendor": "Acronis", "versions": [ { "lessThan": "29486", "status": "affected", "version": "unspecified", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Windows", "Linux" ], "product": "Acronis Cyber Backup 12.5", "vendor": "Acronis", "versions": [ { "lessThan": "16545", "status": "affected", "version": "unspecified", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "@boldglum (https://hackerone.com/boldglum)" }, { "lang": "en", "type": "finder", "value": "Sandro Tolksdorf of usd AG (https://herolab.usd.de)" } ], "descriptions": [ { "lang": "en", "value": "Sensitive information disclosure due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545." 
} ], "metrics": [ { "cvssV3_0": { "baseScore": 9.3, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.0" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T10:50:45.883Z", "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "shortName": "Acronis" }, "references": [ { "name": "SEC-3855", "tags": [ "vendor-advisory" ], "url": "https://security-advisory.acronis.com/advisories/SEC-3855" } ] } }, "cveMetadata": { "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "assignerShortName": "Acronis", "cveId": "CVE-2022-30995", "datePublished": "2023-05-03T10:50:45.883Z", "dateReserved": "2022-05-18T07:09:14.532Z", "dateUpdated": "2025-01-30T15:19:32.564Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-16171 (GCVE-0-2020-16171)
Vulnerability from cvelistv5
Published
2020-09-21 13:07
Modified
2024-08-04 13:37
CWE
- n/a
Summary
An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwards used in a separate web request issued by the application itself. This can be abused to conduct SSRF attacks against otherwise unreachable Acronis services that are bound to localhost such as the NotificationService on 127.0.0.1:30572.
References
► | URL | Tags |
---|---|---|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:37:54.193Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2020/Sep/33" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.rcesecurity.com/2020/09/CVE-2020-16171-Exploiting-Acronis-Cyber-Backup-for-Fun-and-Emails/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwards used in a separate web request issued by the application itself. This can be abused to conduct SSRF attacks against otherwise unreachable Acronis services that are bound to localhost such as the NotificationService on 127.0.0.1:30572." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-21T13:07:07", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://seclists.org/fulldisclosure/2020/Sep/33" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.rcesecurity.com/2020/09/CVE-2020-16171-Exploiting-Acronis-Cyber-Backup-for-Fun-and-Emails/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-16171", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwards used in a separate web request issued by the application itself. This can be abused to conduct SSRF attacks against otherwise unreachable Acronis services that are bound to localhost such as the NotificationService on 127.0.0.1:30572." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://seclists.org/fulldisclosure/2020/Sep/33", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2020/Sep/33" }, { "name": "https://www.rcesecurity.com/2020/09/CVE-2020-16171-Exploiting-Acronis-Cyber-Backup-for-Fun-and-Emails/", "refsource": "MISC", "url": "https://www.rcesecurity.com/2020/09/CVE-2020-16171-Exploiting-Acronis-Cyber-Backup-for-Fun-and-Emails/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-16171", "datePublished": "2020-09-21T13:07:07", "dateReserved": "2020-07-31T00:00:00", "dateUpdated": "2024-08-04T13:37:54.193Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2023-05-03 11:15
Modified
2024-11-21 07:03
Summary
Sensitive information disclosure due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_protect | 15 | |
acronis | cyber_protect | 15 | |
acronis | cyber_protect | 15 | |
acronis | cyber_protect | 15 | |
linux | linux_kernel | - | |
microsoft | windows | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:-:*:*:*:*:*:*", "matchCriteriaId": "3117B8C4-C8E6-4F50-923D-5BF50222337D", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:10130:*:*:*:*:*:*", "matchCriteriaId": "C2ECE37D-291E-4D07-9D8B-79D09D78FA35", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:10330:*:*:*:*:*:*", "matchCriteriaId": "9826E331-15CB-454D-80E6-B39B380894F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:11010:*:*:*:*:*:*", "matchCriteriaId": "89A4839A-EF22-4E28-82ED-5828207D7ADE", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:13160:*:*:*:*:*:*", "matchCriteriaId": "A847D357-EB6F-4CBF-AEB7-20ABF6B6A0E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:13400:*:*:*:*:*:*", "matchCriteriaId": "6677430F-19A5-4D7A-91F5-9D906DC48174", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:14280:*:*:*:*:*:*", "matchCriteriaId": "C38873F8-EB4E-4B20-B4BB-A8E9CC2E4FC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:14330:*:*:*:*:*:*", "matchCriteriaId": "00644AD1-6114-4470-8AD6-C2D975329A71", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:16180:*:*:*:*:*:*", "matchCriteriaId": "49694CEB-C054-4D02-A7BA-D57E7A1538C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:16318:*:*:*:*:*:*", "matchCriteriaId": "3FE3F243-202A-4EF5-B4B8-F912B6763F22", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:16327:*:*:*:*:*:*", "matchCriteriaId": "D5831900-150B-4DAD-A17D-C974F8F91C8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:7641:*:*:*:*:*:*", "matchCriteriaId": "3F540D84-5562-41AE-9294-64F19596149E", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:7970:*:*:*:*:*:*", "matchCriteriaId": "122DEB91-6506-4F94-9C79-887EECE68A7A", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:8850:*:*:*:*:*:*", "matchCriteriaId": "0B6EA731-C344-424E-B5FB-291CD59DDAB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:9010:*:*:*:*:*:*", "matchCriteriaId": "EF144B8E-E42F-41E3-8E23-88B1F862D14A", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*", "matchCriteriaId": "89899D10-1343-4276-919A-9C1DF2DB8B55", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update1:*:*:*:*:*:*", "matchCriteriaId": "A77B2499-B3A4-4278-BA0D-59AB59C60352", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update2:*:*:*:*:*:*", "matchCriteriaId": "BAF6A576-C320-4550-B7F8-4FCAE82FB06A", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update3:*:*:*:*:*:*", "matchCriteriaId": "9740A956-D589-4846-8717-B6182EB65F8B", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Sensitive information disclosure due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545." 
} ], "id": "CVE-2022-30995", "lastModified": "2024-11-21T07:03:40.847", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.8, "source": "security@acronis.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-05-03T11:15:11.193", "references": [ { "source": "security@acronis.com", "tags": [ "Vendor Advisory" ], "url": "https://security-advisory.acronis.com/advisories/SEC-3855" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security-advisory.acronis.com/advisories/SEC-3855" } ], "sourceIdentifier": "security@acronis.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "security@acronis.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-05-03 11:15
Modified
2024-11-21 07:19
Summary
Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.
References
▶ | URL | Tags | |
---|---|---|---|
security@acronis.com | https://herolab.usd.de/security-advisories/usd-2022-0008/ | Exploit, Third Party Advisory | |
security@acronis.com | https://security-advisory.acronis.com/advisories/SEC-4092 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://herolab.usd.de/security-advisories/usd-2022-0008/ | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security-advisory.acronis.com/advisories/SEC-4092 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_protect | 15 | |
acronis | cyber_protect | 15 | |
acronis | cyber_protect | 15 | |
acronis | cyber_protect | 15 | |
linux | linux_kernel | - | |
microsoft | windows | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:-:*:*:*:*:*:*", "matchCriteriaId": "3117B8C4-C8E6-4F50-923D-5BF50222337D", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:10130:*:*:*:*:*:*", "matchCriteriaId": "C2ECE37D-291E-4D07-9D8B-79D09D78FA35", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:10330:*:*:*:*:*:*", "matchCriteriaId": "9826E331-15CB-454D-80E6-B39B380894F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:11010:*:*:*:*:*:*", "matchCriteriaId": "89A4839A-EF22-4E28-82ED-5828207D7ADE", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:13160:*:*:*:*:*:*", "matchCriteriaId": "A847D357-EB6F-4CBF-AEB7-20ABF6B6A0E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:13400:*:*:*:*:*:*", "matchCriteriaId": "6677430F-19A5-4D7A-91F5-9D906DC48174", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:14280:*:*:*:*:*:*", "matchCriteriaId": "C38873F8-EB4E-4B20-B4BB-A8E9CC2E4FC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:14330:*:*:*:*:*:*", "matchCriteriaId": "00644AD1-6114-4470-8AD6-C2D975329A71", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:16180:*:*:*:*:*:*", "matchCriteriaId": "49694CEB-C054-4D02-A7BA-D57E7A1538C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:16318:*:*:*:*:*:*", "matchCriteriaId": "3FE3F243-202A-4EF5-B4B8-F912B6763F22", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:16327:*:*:*:*:*:*", "matchCriteriaId": "D5831900-150B-4DAD-A17D-C974F8F91C8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:7641:*:*:*:*:*:*", "matchCriteriaId": "3F540D84-5562-41AE-9294-64F19596149E", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:7970:*:*:*:*:*:*", "matchCriteriaId": "122DEB91-6506-4F94-9C79-887EECE68A7A", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:8850:*:*:*:*:*:*", "matchCriteriaId": "0B6EA731-C344-424E-B5FB-291CD59DDAB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:9010:*:*:*:*:*:*", "matchCriteriaId": "EF144B8E-E42F-41E3-8E23-88B1F862D14A", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*", "matchCriteriaId": "89899D10-1343-4276-919A-9C1DF2DB8B55", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update1:*:*:*:*:*:*", "matchCriteriaId": "A77B2499-B3A4-4278-BA0D-59AB59C60352", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update2:*:*:*:*:*:*", "matchCriteriaId": "BAF6A576-C320-4550-B7F8-4FCAE82FB06A", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update3:*:*:*:*:*:*", "matchCriteriaId": "9740A956-D589-4846-8717-B6182EB65F8B", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545." 
} ], "id": "CVE-2022-3405", "lastModified": "2024-11-21T07:19:27.207", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.8, "source": "security@acronis.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-05-03T11:15:11.650", "references": [ { "source": "security@acronis.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://herolab.usd.de/security-advisories/usd-2022-0008/" }, { "source": "security@acronis.com", "tags": [ "Vendor Advisory" ], "url": "https://security-advisory.acronis.com/advisories/SEC-4092" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://herolab.usd.de/security-advisories/usd-2022-0008/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security-advisory.acronis.com/advisories/SEC-4092" } ], "sourceIdentifier": "security@acronis.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "security@acronis.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": 
"NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-10-21 14:15
Modified
2024-11-21 04:54
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.
References
▶ | URL | Tags | |
---|---|---|---|
cret@cert.org | https://www.kb.cert.org/vuls/id/114757 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/114757 | Third Party Advisory, US Government Resource |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
acronis | cyber_backup | * | |
acronis | cyber_protect | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:acronis:cyber_backup:*:*:*:*:*:*:*:*", "matchCriteriaId": "D50B1D5A-751B-43C6-A5DE-681B242A1874", "versionEndExcluding": "12.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_protect:*:*:*:*:*:*:*:*", "matchCriteriaId": "547972AF-7F43-4A6D-AFC7-5514DD9995A6", "versionEndExcluding": "15", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\\jenkins_agent\\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges." }, { "lang": "es", "value": "Acronis Cyber ??Backup versi\u00f3n 12.5 y Cyber ??Protect versi\u00f3n 15 incluyen un componente OpenSSL que especifica una variable OPENSSLDIR como un subdirectorio dentro de C:\\jenkins_agent\\.\u0026#xa0;Acronis Cyber ??Backup y Cyber ??Protect contienen un servicio privilegiado que usa este componente de OpenSSL.\u0026#xa0;Debido a que los usuarios de Windows no privilegiados pueden crear subdirectorios fuera del root del sistema, un usuario puede crear la ruta apropiada a un archivo openssl.cnf especialmente dise\u00f1ado para lograr una ejecuci\u00f3n de c\u00f3digo arbitraria con privilegios del SYSTEM" } ], "id": "CVE-2020-10138", "lastModified": "2024-11-21T04:54:53.767", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": 
"COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "cret@cert.org", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-10-21T14:15:15.013", "references": [ { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.kb.cert.org/vuls/id/114757" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.kb.cert.org/vuls/id/114757" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "cret@cert.org", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-665" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-09-21 14:15
Modified
2024-11-21 05:06
Severity ?
Summary
An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwards used in a separate web request issued by the application itself. This can be abused to conduct SSRF attacks against otherwise unreachable Acronis services that are bound to localhost such as the NotificationService on 127.0.0.1:30572.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://seclists.org/fulldisclosure/2020/Sep/33 | Exploit, Mailing List, Third Party Advisory | |
cve@mitre.org | https://www.rcesecurity.com/2020/09/CVE-2020-16171-Exploiting-Acronis-Cyber-Backup-for-Fun-and-Emails/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2020/Sep/33 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.rcesecurity.com/2020/09/CVE-2020-16171-Exploiting-Acronis-Cyber-Backup-for-Fun-and-Emails/ | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
acronis | cyber_backup | * | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 | |
acronis | cyber_backup | 12.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:acronis:cyber_backup:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4A6690B-6355-4BA3-844C-8454A9EF9B2D", "versionEndIncluding": "12.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:-:*:*:*:*:*:*", "matchCriteriaId": "3117B8C4-C8E6-4F50-923D-5BF50222337D", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:10130:*:*:*:*:*:*", "matchCriteriaId": "C2ECE37D-291E-4D07-9D8B-79D09D78FA35", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:10330:*:*:*:*:*:*", "matchCriteriaId": "9826E331-15CB-454D-80E6-B39B380894F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:11010:*:*:*:*:*:*", "matchCriteriaId": "89A4839A-EF22-4E28-82ED-5828207D7ADE", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:13160:*:*:*:*:*:*", "matchCriteriaId": "A847D357-EB6F-4CBF-AEB7-20ABF6B6A0E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:13400:*:*:*:*:*:*", "matchCriteriaId": "6677430F-19A5-4D7A-91F5-9D906DC48174", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:14280:*:*:*:*:*:*", "matchCriteriaId": "C38873F8-EB4E-4B20-B4BB-A8E9CC2E4FC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:14330:*:*:*:*:*:*", "matchCriteriaId": "00644AD1-6114-4470-8AD6-C2D975329A71", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:16180:*:*:*:*:*:*", "matchCriteriaId": "49694CEB-C054-4D02-A7BA-D57E7A1538C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:16318:*:*:*:*:*:*", "matchCriteriaId": "3FE3F243-202A-4EF5-B4B8-F912B6763F22", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:16327:*:*:*:*:*:*", "matchCriteriaId": "D5831900-150B-4DAD-A17D-C974F8F91C8D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:acronis:cyber_backup:12.5:7641:*:*:*:*:*:*", "matchCriteriaId": "3F540D84-5562-41AE-9294-64F19596149E", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:7970:*:*:*:*:*:*", "matchCriteriaId": "122DEB91-6506-4F94-9C79-887EECE68A7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:8850:*:*:*:*:*:*", "matchCriteriaId": "0B6EA731-C344-424E-B5FB-291CD59DDAB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:9010:*:*:*:*:*:*", "matchCriteriaId": "EF144B8E-E42F-41E3-8E23-88B1F862D14A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwards used in a separate web request issued by the application itself. This can be abused to conduct SSRF attacks against otherwise unreachable Acronis services that are bound to localhost such as the NotificationService on 127.0.0.1:30572." }, { "lang": "es", "value": "Se detect\u00f3 un problema en Acronis Cyber Backup versiones anteriores a 12.5 Build 16342. Algunos endpoints de la API en el puerto 9877 en /api/ams/ aceptan un encabezado Shard personalizado adicional. El valor de este encabezado es usado posteriormente en una petici\u00f3n web separada emitida por la propia aplicaci\u00f3n.
Esto puede ser abusado para conducir ataques de tipo SSRF contra servicios de Acronis que de otro modo ser\u00edan inalcanzables y que est\u00e1n vinculados a localhost, tal y como NotificationService en 127.0.0.1:30572" } ], "id": "CVE-2020-16171", "lastModified": "2024-11-21T05:06:54.360", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-09-21T14:15:13.370", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2020/Sep/33" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.rcesecurity.com/2020/09/CVE-2020-16171-Exploiting-Acronis-Cyber-Backup-for-Fun-and-Emails/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2020/Sep/33" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party
Advisory" ], "url": "https://www.rcesecurity.com/2020/09/CVE-2020-16171-Exploiting-Acronis-Cyber-Backup-for-Fun-and-Emails/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }