CVE-2021-44204

Published: Feb 4, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287

Affected (11)

Products: Acronis: True Image, Agent, Cyber Protect, Cyber Protect Home Office

4 products

Cyber Protect Home Office

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Acronis True Image	Version 2021
Acronis True Image	Version 2021 update_1
Acronis True Image	Version 2021 update_2
Acronis True Image	Version 2021 update_3
Acronis True Image	Version 2021 update_4
Acronis True Image	Version 2021 update_5

Configuration B

5 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Acronis Agent	Before c21.06
Acronis Cyber Protect	Version 15
Acronis Cyber Protect	Version 15 update1
Acronis Cyber Protect	Version 15 update2
Acronis Cyber Protect Home Office	All versions

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

CWE-285

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://security-advisory.acronis.com/advisories/SEC-2355

Source: security@acronis.com

Vendor Advisory

https://security-advisory.acronis.com/advisories/SEC-2355

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.