PT-2022-12009 · Acronis · Acronis True Image 2021+4
Xnand
·
Published
2022-02-02
·
Updated
2022-08-09
·
CVE-2021-44204
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Acronis Cyber Protect 15 (Windows) versions before build 28035
Acronis Agent (Windows) versions before build 27147
Acronis Cyber Protect Home Office (Windows) versions before build 39612
Acronis True Image 2021 (Windows) versions before build 39287
Description
The issue is related to local privilege escalation via named pipe due to improper access control checks. This allows for unauthorized access and potential system compromise.
Recommendations
For Acronis Cyber Protect 15 (Windows) versions before build 28035, update to build 28035 or later.
For Acronis Agent (Windows) versions before build 27147, update to build 27147 or later.
For Acronis Cyber Protect Home Office (Windows) versions before build 39612, update to build 39612 or later.
For Acronis True Image 2021 (Windows) versions before build 39287, update to build 39287 or later.
Fix
LPE
Improper Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Acronis
Acronis Agent
Acronis Cyber Protect 15
Acronis Cyber Protect Home Office
Acronis True Image 2021