CVE-2021-32579

Acronis True Image prior to 2021 Update 4 for Windows and Acronis True Image prior to 2021 Update 5 for macOS allowed an unauthenticated attacker (who has a local code execution ability) to tamper with the micro-service API.

Published: Aug 5, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-32579
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
acronis / true_image	2021-update_3	2021-update_3.x
acronis / true_image	2021-update_1	2021-update_1.x
acronis / true_image	2021-update_2	2021-update_2.x
acronis / true_image	2021	2021.x
acronis / true_image	2021-update_4	2021-update_4.x

https://kb.acronis.com/content/68413
https://kb.acronis.com/content/68419

Vulnerability Database

289,784

CVE-2021-32579