CVE-2021-44204

Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287

Published: Feb 5, 2022
Updated: Apr 14, 2023
CVE: CVE-2021-44204
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
acronis / true_image	2021-update_1	2021-update_1.x
acronis / true_image	2021-update_2	2021-update_2.x
acronis / true_image	2021-update_3	2021-update_3.x
acronis / true_image	2021-update_4	2021-update_4.x
acronis / true_image	2021-update_5	2021-update_5.x
acronis / true_image	2021	2021.x
acronis / agent	-	c21.06
acronis / cyber_protect	15	15.x
acronis / cyber_protect	15-update1	15-update1.x
acronis / cyber_protect	15-update2	15-update2.x

https://security-advisory.acronis.com/advisories/SEC-2355

Vulnerability Database

289,697

CVE-2021-44204