Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-44204

Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287

Published

2022-02-04T23:15:12.013

Last Modified

2024-11-21T06:30:34.300

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-285
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	acronis	true_image	2021	Yes
Application	acronis	true_image	2021	Yes
Application	acronis	true_image	2021	Yes
Application	acronis	true_image	2021	Yes
Application	acronis	true_image	2021	Yes
Application	acronis	true_image	2021	Yes
Application	acronis	agent	< c21.06	Yes
Application	acronis	cyber_protect	15	Yes
Application	acronis	cyber_protect	15	Yes
Application	acronis	cyber_protect	15	Yes
Application	acronis	cyber_protect_home_office	-	Yes
Operating System	microsoft	windows	-	No

References

https://security-advisory.acronis.com/advisories/SEC-2355 Vendor Advisory ([email protected])
https://security-advisory.acronis.com/advisories/SEC-2355 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)