Vulnerabilites related to acronis - snap_deploy
Vulnerability from fkie_nvd
Published
2022-05-16 18:15
Modified
2024-11-21 07:03
Severity ?
Summary
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 3640
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | snap_deploy | * | |
| acronis | snap_deploy | 6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E3653927-4EF6-4508-92E7-F2EB2C418A00",
"versionEndExcluding": "6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:6:-:*:*:*:windows:*:*",
"matchCriteriaId": "A12AF81B-8339-4F72-A30E-D5126B0BACE6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 3640"
},
{
"lang": "es",
"value": "Una escalada de privilegios local debido a permisos de carpetas no seguras. Los siguientes productos est\u00e1n afectados: Acronis Snap Deploy (Windows) versiones anteriores a la compilaci\u00f3n 3640"
}
],
"id": "CVE-2022-30697",
"lastModified": "2024-11-21T07:03:11.557",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-16T18:15:08.667",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3082"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "security@acronis.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-27 19:15
Modified
2024-11-21 07:58
Severity ?
Summary
Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3900.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@acronis.com | https://security-advisory.acronis.com/advisories/SEC-4048 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-advisory.acronis.com/advisories/SEC-4048 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | snap_deploy | * | |
| acronis | snap_deploy | 6 | |
| acronis | snap_deploy | 6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E3653927-4EF6-4508-92E7-F2EB2C418A00",
"versionEndExcluding": "6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:6:-:*:*:*:windows:*:*",
"matchCriteriaId": "A12AF81B-8339-4F72-A30E-D5126B0BACE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:6:update1:*:*:*:windows:*:*",
"matchCriteriaId": "5AD3DAEE-A07B-47B6-A072-171E571F7B6D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3900."
}
],
"id": "CVE-2023-2355",
"lastModified": "2024-11-21T07:58:26.867",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "security@acronis.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-04-27T19:15:20.597",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4048"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "security@acronis.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-03-20 10:44
Modified
2025-04-09 00:30
Severity ?
Summary
The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | snap_deploy | 2.0.0.1076 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:2.0.0.1076:*:*:*:*:*:*:*",
"matchCriteriaId": "A091CA72-DCC4-4E28-8DF3-AE7A515BD331",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference."
},
{
"lang": "es",
"value": "PXE Server (pxesrv.exe) en Acronis Snap Deploy versiones 2.0.0.1076 y anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (parada) al utilizar una petici\u00f3n TFTP incompleta, que dispara una referencia a un puntero NULL."
}
],
"id": "CVE-2008-1411",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-03-20T10:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/acropxe-adv.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29305"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3758"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/489358/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/28182"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0814/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41075"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/5228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/acropxe-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29305"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3758"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/489358/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/28182"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0814/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41075"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/5228"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-03-20 10:44
Modified
2025-04-09 00:30
Severity ?
Summary
Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | snap_deploy | 2.0.0.1076 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:2.0.0.1076:*:*:*:*:*:*:*",
"matchCriteriaId": "A091CA72-DCC4-4E28-8DF3-AE7A515BD331",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en PXE Server (pxesrv.exe) de Acronis Snap Deploy versiones 2.0.0.1076 y anteriores permite a atacantes remotos leer ficheros de su elecci\u00f3n mediante la utilizaci\u00f3n de secuencias de salto de directorio en el servicio TFTP."
}
],
"id": "CVE-2008-1410",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-03-20T10:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/acropxe-adv.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29305"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3758"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/489358/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/28182"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0814/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41074"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/5228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/acropxe-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29305"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3758"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/489358/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/28182"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0814/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/5228"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-29 20:15
Modified
2024-09-12 17:17
Severity ?
Summary
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@acronis.com | https://security-advisory.acronis.com/advisories/SEC-4196 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | snap_deploy | * | |
| acronis | snap_deploy | 6 | |
| acronis | snap_deploy | 6 | |
| acronis | snap_deploy | 6 | |
| acronis | snap_deploy | 6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E3653927-4EF6-4508-92E7-F2EB2C418A00",
"versionEndExcluding": "6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:6:-:*:*:*:windows:*:*",
"matchCriteriaId": "A12AF81B-8339-4F72-A30E-D5126B0BACE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:6:update1:*:*:*:windows:*:*",
"matchCriteriaId": "5AD3DAEE-A07B-47B6-A072-171E571F7B6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:6:update1.1:*:*:*:windows:*:*",
"matchCriteriaId": "9D953C3D-25D4-4C30-826A-D5E002A5CF78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:6:update1.2:*:*:*:windows:*:*",
"matchCriteriaId": "BF1C1F42-7A5F-43AC-8E49-06F336605421",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4569."
},
{
"lang": "es",
"value": "Divulgaci\u00f3n de informaci\u00f3n confidencial debido a permisos de carpetas inseguros. Los siguientes productos se ven afectados: Acronis Snap Deploy (Windows) antes de la compilaci\u00f3n 4569."
}
],
"id": "CVE-2024-34018",
"lastModified": "2024-09-12T17:17:20.873",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "security@acronis.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-29T20:15:07.997",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4196"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "security@acronis.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-16 18:15
Modified
2024-11-21 07:03
Severity ?
Summary
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | snap_deploy | * | |
| acronis | snap_deploy | 6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E3653927-4EF6-4508-92E7-F2EB2C418A00",
"versionEndExcluding": "6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:6:-:*:*:*:windows:*:*",
"matchCriteriaId": "A12AF81B-8339-4F72-A30E-D5126B0BACE6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640"
},
{
"lang": "es",
"value": "Una escalada de privilegios local debido a permisos excesivos asignados a los procesos hijos. Los siguientes productos est\u00e1n afectados: Acronis Snap Deploy (Windows) versiones anteriores a la compilaci\u00f3n 3640"
}
],
"id": "CVE-2022-30695",
"lastModified": "2024-11-21T07:03:11.357",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-16T18:15:08.570",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3080"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3080"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-250"
}
],
"source": "security@acronis.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-29 20:15
Modified
2024-09-12 17:18
Severity ?
Summary
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@acronis.com | https://security-advisory.acronis.com/advisories/SEC-3079 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | snap_deploy | * | |
| acronis | snap_deploy | 6 | |
| acronis | snap_deploy | 6 | |
| acronis | snap_deploy | 6 | |
| acronis | snap_deploy | 6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E3653927-4EF6-4508-92E7-F2EB2C418A00",
"versionEndExcluding": "6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:6:-:*:*:*:windows:*:*",
"matchCriteriaId": "A12AF81B-8339-4F72-A30E-D5126B0BACE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:6:update1:*:*:*:windows:*:*",
"matchCriteriaId": "5AD3DAEE-A07B-47B6-A072-171E571F7B6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:6:update1.1:*:*:*:windows:*:*",
"matchCriteriaId": "9D953C3D-25D4-4C30-826A-D5E002A5CF78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:6:update1.2:*:*:*:windows:*:*",
"matchCriteriaId": "BF1C1F42-7A5F-43AC-8E49-06F336605421",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569."
},
{
"lang": "es",
"value": "Escalada de privilegios locales debido a una vulnerabilidad de secuestro de DLL. Los siguientes productos est\u00e1n afectados: Acronis Snap Deploy (Windows) antes de la compilaci\u00f3n 4569."
}
],
"id": "CVE-2024-34019",
"lastModified": "2024-09-12T17:18:07.163",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "security@acronis.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-29T20:15:08.193",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3079"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "security@acronis.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-29 20:15
Modified
2024-09-12 17:16
Severity ?
Summary
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@acronis.com | https://security-advisory.acronis.com/advisories/SEC-4505 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | snap_deploy | * | |
| acronis | snap_deploy | 6 | |
| acronis | snap_deploy | 6 | |
| acronis | snap_deploy | 6 | |
| acronis | snap_deploy | 6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E3653927-4EF6-4508-92E7-F2EB2C418A00",
"versionEndExcluding": "6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:6:-:*:*:*:windows:*:*",
"matchCriteriaId": "A12AF81B-8339-4F72-A30E-D5126B0BACE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:6:update1:*:*:*:windows:*:*",
"matchCriteriaId": "5AD3DAEE-A07B-47B6-A072-171E571F7B6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:6:update1.1:*:*:*:windows:*:*",
"matchCriteriaId": "9D953C3D-25D4-4C30-826A-D5E002A5CF78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:6:update1.2:*:*:*:windows:*:*",
"matchCriteriaId": "BF1C1F42-7A5F-43AC-8E49-06F336605421",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569."
},
{
"lang": "es",
"value": "Escalada de privilegios locales debido a una vulnerabilidad de secuestro de DLL. Los siguientes productos est\u00e1n afectados: Acronis Snap Deploy (Windows) antes de la compilaci\u00f3n 4569."
}
],
"id": "CVE-2024-34017",
"lastModified": "2024-09-12T17:16:09.890",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "security@acronis.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-29T20:15:07.743",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4505"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "security@acronis.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-16 18:15
Modified
2024-11-21 07:03
Severity ?
Summary
Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3640
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acronis | snap_deploy | * | |
| acronis | snap_deploy | 6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E3653927-4EF6-4508-92E7-F2EB2C418A00",
"versionEndExcluding": "6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acronis:snap_deploy:6:-:*:*:*:windows:*:*",
"matchCriteriaId": "A12AF81B-8339-4F72-A30E-D5126B0BACE6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3640"
},
{
"lang": "es",
"value": "Una escalada de privilegios local debido a una vulnerabilidad de secuestro de DLL. Los siguientes productos est\u00e1n afectados: Acronis Snap Deploy (Windows) versiones anteriores a la compilaci\u00f3n 3640"
}
],
"id": "CVE-2022-30696",
"lastModified": "2024-11-21T07:03:11.463",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-16T18:15:08.617",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3081"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "security@acronis.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-2355 (GCVE-0-2023-2355)
Vulnerability from cvelistv5
Published
2023-04-27 18:45
Modified
2025-01-30 20:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3900.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-4048 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Snap Deploy |
Version: unspecified ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SEC-4048",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4048"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2355",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T20:49:51.804566Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T20:49:56.542Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Acronis Snap Deploy",
"vendor": "Acronis",
"versions": [
{
"lessThan": "3900",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3900."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-27T18:45:26.176Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-4048",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4048"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2023-2355",
"datePublished": "2023-04-27T18:45:26.176Z",
"dateReserved": "2023-04-27T17:41:37.597Z",
"dateUpdated": "2025-01-30T20:49:56.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30696 (GCVE-0-2022-30696)
Vulnerability from cvelistv5
Published
2022-05-16 17:20
Modified
2024-09-17 00:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3640
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-3081 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Snap Deploy |
Version: unspecified < 3640 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.592Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3081"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Acronis Snap Deploy",
"vendor": "Acronis",
"versions": [
{
"lessThan": "3640",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "@mmg (https://hackerone.com/mmg)"
}
],
"datePublic": "2022-05-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3640"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-16T17:20:02",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3081"
}
],
"source": {
"advisory": "SEC-3081",
"defect": [
"SEC-3081"
],
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation due to a DLL hijacking vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@acronis.com",
"DATE_PUBLIC": "2022-05-13T00:00:00.000Z",
"ID": "CVE-2022-30696",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation due to a DLL hijacking vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acronis Snap Deploy",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "3640"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "@mmg (https://hackerone.com/mmg)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3640"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-advisory.acronis.com/advisories/SEC-3081",
"refsource": "MISC",
"url": "https://security-advisory.acronis.com/advisories/SEC-3081"
}
]
},
"source": {
"advisory": "SEC-3081",
"defect": [
"SEC-3081"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2022-30696",
"datePublished": "2022-05-16T17:20:02.194777Z",
"dateReserved": "2022-05-13T00:00:00",
"dateUpdated": "2024-09-17T00:25:50.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1410 (GCVE-0-2008-1410)
Vulnerability from cvelistv5
Published
2008-03-20 10:00
Modified
2024-08-07 08:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41074 | vdb-entry, x_refsource_XF | |
| http://aluigi.altervista.org/adv/acropxe-adv.txt | x_refsource_MISC | |
| http://www.vupen.com/english/advisories/2008/0814/references | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/28182 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/489358/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/29305 | third-party-advisory, x_refsource_SECUNIA | |
| http://securityreason.com/securityalert/3758 | third-party-advisory, x_refsource_SREASON | |
| https://www.exploit-db.com/exploits/5228 | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:41.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "acronissnap-pxeserver-directory-traversal(41074)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41074"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/acropxe-adv.txt"
},
{
"name": "ADV-2008-0814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0814/references"
},
{
"name": "28182",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28182"
},
{
"name": "20080310 Directory traversal and NULL pointer in Acronis PXE Server 2.0.0.1076",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489358/100/0/threaded"
},
{
"name": "29305",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29305"
},
{
"name": "3758",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3758"
},
{
"name": "5228",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5228"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "acronissnap-pxeserver-directory-traversal(41074)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41074"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/acropxe-adv.txt"
},
{
"name": "ADV-2008-0814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0814/references"
},
{
"name": "28182",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28182"
},
{
"name": "20080310 Directory traversal and NULL pointer in Acronis PXE Server 2.0.0.1076",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489358/100/0/threaded"
},
{
"name": "29305",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29305"
},
{
"name": "3758",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3758"
},
{
"name": "5228",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5228"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1410",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "acronissnap-pxeserver-directory-traversal(41074)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41074"
},
{
"name": "http://aluigi.altervista.org/adv/acropxe-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/acropxe-adv.txt"
},
{
"name": "ADV-2008-0814",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0814/references"
},
{
"name": "28182",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28182"
},
{
"name": "20080310 Directory traversal and NULL pointer in Acronis PXE Server 2.0.0.1076",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489358/100/0/threaded"
},
{
"name": "29305",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29305"
},
{
"name": "3758",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3758"
},
{
"name": "5228",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5228"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1410",
"datePublished": "2008-03-20T10:00:00",
"dateReserved": "2008-03-19T00:00:00",
"dateUpdated": "2024-08-07T08:24:41.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1411 (GCVE-0-2008-1411)
Vulnerability from cvelistv5
Published
2008-03-20 10:00
Modified
2024-08-07 08:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference.
References
| ▼ | URL | Tags |
|---|---|---|
| http://aluigi.altervista.org/adv/acropxe-adv.txt | x_refsource_MISC | |
| http://www.vupen.com/english/advisories/2008/0814/references | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/28182 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41075 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/489358/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/29305 | third-party-advisory, x_refsource_SECUNIA | |
| http://securityreason.com/securityalert/3758 | third-party-advisory, x_refsource_SREASON | |
| https://www.exploit-db.com/exploits/5228 | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:41.322Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/acropxe-adv.txt"
},
{
"name": "ADV-2008-0814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0814/references"
},
{
"name": "28182",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28182"
},
{
"name": "acronissnap-pxeserver-dos(41075)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41075"
},
{
"name": "20080310 Directory traversal and NULL pointer in Acronis PXE Server 2.0.0.1076",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489358/100/0/threaded"
},
{
"name": "29305",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29305"
},
{
"name": "3758",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3758"
},
{
"name": "5228",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5228"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/acropxe-adv.txt"
},
{
"name": "ADV-2008-0814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0814/references"
},
{
"name": "28182",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28182"
},
{
"name": "acronissnap-pxeserver-dos(41075)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41075"
},
{
"name": "20080310 Directory traversal and NULL pointer in Acronis PXE Server 2.0.0.1076",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489358/100/0/threaded"
},
{
"name": "29305",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29305"
},
{
"name": "3758",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3758"
},
{
"name": "5228",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5228"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.altervista.org/adv/acropxe-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/acropxe-adv.txt"
},
{
"name": "ADV-2008-0814",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0814/references"
},
{
"name": "28182",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28182"
},
{
"name": "acronissnap-pxeserver-dos(41075)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41075"
},
{
"name": "20080310 Directory traversal and NULL pointer in Acronis PXE Server 2.0.0.1076",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489358/100/0/threaded"
},
{
"name": "29305",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29305"
},
{
"name": "3758",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3758"
},
{
"name": "5228",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5228"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1411",
"datePublished": "2008-03-20T10:00:00",
"dateReserved": "2008-03-19T00:00:00",
"dateUpdated": "2024-08-07T08:24:41.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30695 (GCVE-0-2022-30695)
Vulnerability from cvelistv5
Published
2022-05-16 17:19
Modified
2024-09-17 04:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-3080 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Snap Deploy |
Version: unspecified < 3640 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3080"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Acronis Snap Deploy",
"vendor": "Acronis",
"versions": [
{
"lessThan": "3640",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-05-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-16T17:19:34",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3080"
}
],
"source": {
"advisory": "SEC-3080",
"defect": [
"SEC-3080"
],
"discovery": "INTERNAL"
},
"title": "Local privilege escalation due to excessive permissions assigned to child processes",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@acronis.com",
"DATE_PUBLIC": "2022-05-13T00:00:00.000Z",
"ID": "CVE-2022-30695",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation due to excessive permissions assigned to child processes"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acronis Snap Deploy",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "3640"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-advisory.acronis.com/advisories/SEC-3080",
"refsource": "MISC",
"url": "https://security-advisory.acronis.com/advisories/SEC-3080"
}
]
},
"source": {
"advisory": "SEC-3080",
"defect": [
"SEC-3080"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2022-30695",
"datePublished": "2022-05-16T17:19:34.797192Z",
"dateReserved": "2022-05-13T00:00:00",
"dateUpdated": "2024-09-17T04:20:36.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34017 (GCVE-0-2024-34017)
Vulnerability from cvelistv5
Published
2024-08-29 19:14
Modified
2024-08-29 19:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-4505 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Snap Deploy |
Version: unspecified ≤ |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:acronis:snap_deploy:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "snap_deploy",
"vendor": "acronis",
"versions": [
{
"lessThan": "4569",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34017",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T19:38:05.985424Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T19:38:52.936Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Acronis Snap Deploy",
"vendor": "Acronis",
"versions": [
{
"lessThan": "4569",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T19:14:19.067Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-4505",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4505"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2024-34017",
"datePublished": "2024-08-29T19:14:19.067Z",
"dateReserved": "2024-04-29T15:33:32.846Z",
"dateUpdated": "2024-08-29T19:38:52.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34019 (GCVE-0-2024-34019)
Vulnerability from cvelistv5
Published
2024-08-29 19:12
Modified
2024-08-29 19:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-3079 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Snap Deploy |
Version: unspecified ≤ |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:acronis:snap_deploy:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "snap_deploy",
"vendor": "acronis",
"versions": [
{
"lessThan": "4569",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34019",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T19:40:19.357921Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T19:40:47.168Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Acronis Snap Deploy",
"vendor": "Acronis",
"versions": [
{
"lessThan": "4569",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "@mmg (https://hackerone.com/mmg)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T19:12:46.700Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-3079",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3079"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2024-34019",
"datePublished": "2024-08-29T19:12:46.700Z",
"dateReserved": "2024-04-29T15:33:32.846Z",
"dateUpdated": "2024-08-29T19:40:47.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30697 (GCVE-0-2022-30697)
Vulnerability from cvelistv5
Published
2022-05-16 17:20
Modified
2024-09-17 01:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 3640
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-3082 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Snap Deploy |
Version: unspecified < 3640 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3082"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Acronis Snap Deploy",
"vendor": "Acronis",
"versions": [
{
"lessThan": "3640",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "@mmg (https://hackerone.com/mmg)"
}
],
"datePublic": "2022-05-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 3640"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-16T17:20:32",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3082"
}
],
"source": {
"advisory": "SEC-3082",
"defect": [
"SEC-3082"
],
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation due to insecure folder permissions",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@acronis.com",
"DATE_PUBLIC": "2022-05-13T00:00:00.000Z",
"ID": "CVE-2022-30697",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation due to insecure folder permissions"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acronis Snap Deploy",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "3640"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "@mmg (https://hackerone.com/mmg)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 3640"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-advisory.acronis.com/advisories/SEC-3082",
"refsource": "MISC",
"url": "https://security-advisory.acronis.com/advisories/SEC-3082"
}
]
},
"source": {
"advisory": "SEC-3082",
"defect": [
"SEC-3082"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2022-30697",
"datePublished": "2022-05-16T17:20:32.585942Z",
"dateReserved": "2022-05-13T00:00:00",
"dateUpdated": "2024-09-17T01:36:27.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34018 (GCVE-0-2024-34018)
Vulnerability from cvelistv5
Published
2024-08-29 19:15
Modified
2024-08-29 19:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-4196 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Snap Deploy |
Version: unspecified ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34018",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T19:39:10.587890Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T19:39:37.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Acronis Snap Deploy",
"vendor": "Acronis",
"versions": [
{
"lessThan": "4569",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "@mmg (https://hackerone.com/mmg)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4569."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T19:15:08.649Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-4196",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4196"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2024-34018",
"datePublished": "2024-08-29T19:15:08.649Z",
"dateReserved": "2024-04-29T15:33:32.846Z",
"dateUpdated": "2024-08-29T19:39:37.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}