CVE-2021-32581 : Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Image prior

Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Image prior to 2021 Update 5 for Mac, Acronis Agent prior to build 26653, Acronis Cyber Protect prior to build 27009 did not implement SSL certificate validation.

Published 2021-08-05 20:15:09

Updated 2021-08-12 18:33:27

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2021-32581

Acronis » True Image » Version: 2021 For Macos
cpe:2.3:a:acronis:true_image:2021:-:*:*:*:macos:*:*
Matching versions
Acronis » True Image » Version: 2021 Update Update 1 For Macos
cpe:2.3:a:acronis:true_image:2021:update_1:*:*:*:macos:*:*
Matching versions
Acronis » True Image » Version: 2021 Update Update 2 For Macos
cpe:2.3:a:acronis:true_image:2021:update_2:*:*:*:macos:*:*
Matching versions
Acronis » True Image » Version: 2021 Update Update 3 For Macos
cpe:2.3:a:acronis:true_image:2021:update_3:*:*:*:macos:*:*
Matching versions
Acronis » True Image » Version: 2021 For Windows
cpe:2.3:a:acronis:true_image:2021:-:*:*:*:windows:*:*
Matching versions
Acronis » True Image » Version: 2021 Update Update 1 For Windows
cpe:2.3:a:acronis:true_image:2021:update_1:*:*:*:windows:*:*
Matching versions
Acronis » True Image » Version: 2021 Update Update 2 For Windows
cpe:2.3:a:acronis:true_image:2021:update_2:*:*:*:windows:*:*
Matching versions
Acronis » True Image » Version: 2021 Update Update 3 For Windows
cpe:2.3:a:acronis:true_image:2021:update_3:*:*:*:windows:*:*
Matching versions
Acronis » True Image » Version: 2021 Update Update 4 For Macos
cpe:2.3:a:acronis:true_image:2021:update_4:*:*:*:macos:*:*
Matching versions
Acronis » Cyber Protect Cloud
Versions before (<) 15.0.27009
cpe:2.3:a:acronis:cyber_protect_cloud:*:*:*:*:*:*:*:*
Matching versions
Acronis » Cyber Protection Agent
Versions before (<) 15.0.26653
cpe:2.3:a:acronis:cyber_protection_agent:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-32581

EPSS FAQ

0.16%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 33 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-32581

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:N	8.6	4.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None
8.1	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N	2.8	5.2	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: None

CWE ids for CVE-2021-32581

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-32581

https://kb.acronis.com/content/68413

Acronis True Image 2021 Update 5: Security Content | Knowledge Base
Vendor Advisory

CVEs referencing this url
https://kb.acronis.com/content/68648

Acronis Agent Update C21.03: Security Content | Knowledge Base
Vendor Advisory
https://kb.acronis.com/content/68419

Acronis True Image 2021 Update 4: Security Content | Knowledge Base
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2021-32581

Products affected by CVE-2021-32581

Exploit prediction scoring system (EPSS) score for CVE-2021-32581

CVSS scores for CVE-2021-32581

CWE ids for CVE-2021-32581

References for CVE-2021-32581