CVE-2021-44206

EPSS 0.24%
Veröffentlicht 04.02.2022 23:15:12
Zuletzt bearbeitet 21.11.2024 06:30:34
Quelle security@acronis.com
CVE-Watchlists
Login
Unerledigt
Login

Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service

Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 6 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Acronis ≫ True Image Version2021 Update- SwPlatformwindows

Acronis ≫ True Image Version2021 Updateupdate_1 SwPlatformwindows

Acronis ≫ True Image Version2021 Updateupdate_2 SwPlatformwindows

Acronis ≫ True Image Version2021 Updateupdate_3 SwPlatformwindows

Acronis ≫ True Image Version2021 Updateupdate_4 SwPlatformwindows

Acronis ≫ Cyber Protect Home Office Version-

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.24%	0.142

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.3	1.3	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	4.4	3.4	6.4	AV:L/AC:M/Au:N/C:P/I:P/A:P

CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

https://security-advisory.acronis.com/advisories/SEC-3058

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-44206

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-44206

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-44206

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-44206