Search
Find a vulnerability
Search criteria
18 vulnerabilities found for snap_deploy by acronis
CVE-2024-34019 (GCVE-0-2024-34019)
Vulnerability from nvd – Published: 2024-08-29 19:12 – Updated: 2024-08-29 19:40
VLAI
Summary
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.
Severity
6.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security-advisory.acronis.com/advisories/… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Acronis | Acronis Snap Deploy |
Affected:
unspecified , < 4569
(semver)
|
|
| acronis | snap_deploy |
Affected:
0 , < 4569
(semver)
cpe:2.3:a:acronis:snap_deploy:*:*:*:*:*:windows:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:acronis:snap_deploy:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "snap_deploy",
"vendor": "acronis",
"versions": [
{
"lessThan": "4569",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34019",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T19:40:19.357921Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T19:40:47.168Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Acronis Snap Deploy",
"vendor": "Acronis",
"versions": [
{
"lessThan": "4569",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "@mmg (https://hackerone.com/mmg)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T19:12:46.700Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-3079",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3079"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2024-34019",
"datePublished": "2024-08-29T19:12:46.700Z",
"dateReserved": "2024-04-29T15:33:32.846Z",
"dateUpdated": "2024-08-29T19:40:47.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34018 (GCVE-0-2024-34018)
Vulnerability from nvd – Published: 2024-08-29 19:15 – Updated: 2024-08-29 19:39
VLAI
Summary
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security-advisory.acronis.com/advisories/… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Acronis | Acronis Snap Deploy |
Affected:
unspecified , < 4569
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34018",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T19:39:10.587890Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T19:39:37.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Acronis Snap Deploy",
"vendor": "Acronis",
"versions": [
{
"lessThan": "4569",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "@mmg (https://hackerone.com/mmg)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4569."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T19:15:08.649Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-4196",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4196"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2024-34018",
"datePublished": "2024-08-29T19:15:08.649Z",
"dateReserved": "2024-04-29T15:33:32.846Z",
"dateUpdated": "2024-08-29T19:39:37.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34017 (GCVE-0-2024-34017)
Vulnerability from nvd – Published: 2024-08-29 19:14 – Updated: 2024-08-29 19:38
VLAI
Summary
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.
Severity
6.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security-advisory.acronis.com/advisories/… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Acronis | Acronis Snap Deploy |
Affected:
unspecified , < 4569
(semver)
|
|
| acronis | snap_deploy |
Affected:
0 , < 4569
(semver)
cpe:2.3:a:acronis:snap_deploy:*:*:*:*:*:windows:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:acronis:snap_deploy:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "snap_deploy",
"vendor": "acronis",
"versions": [
{
"lessThan": "4569",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34017",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T19:38:05.985424Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T19:38:52.936Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Acronis Snap Deploy",
"vendor": "Acronis",
"versions": [
{
"lessThan": "4569",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T19:14:19.067Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-4505",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4505"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2024-34017",
"datePublished": "2024-08-29T19:14:19.067Z",
"dateReserved": "2024-04-29T15:33:32.846Z",
"dateUpdated": "2024-08-29T19:38:52.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2355 (GCVE-0-2023-2355)
Vulnerability from nvd – Published: 2023-04-27 18:45 – Updated: 2025-01-30 20:49
VLAI
Summary
Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3900.
Severity
6.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security-advisory.acronis.com/advisories/… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Acronis | Acronis Snap Deploy |
Affected:
unspecified , < 3900
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SEC-4048",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4048"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2355",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T20:49:51.804566Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T20:49:56.542Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Acronis Snap Deploy",
"vendor": "Acronis",
"versions": [
{
"lessThan": "3900",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3900."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-27T18:45:26.176Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-4048",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4048"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2023-2355",
"datePublished": "2023-04-27T18:45:26.176Z",
"dateReserved": "2023-04-27T17:41:37.597Z",
"dateUpdated": "2025-01-30T20:49:56.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30697 (GCVE-0-2022-30697)
Vulnerability from nvd – Published: 2022-05-16 17:20 – Updated: 2024-09-17 01:36
VLAI
Title
Local privilege escalation due to insecure folder permissions
Summary
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 3640
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security-advisory.acronis.com/advisories/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Acronis | Acronis Snap Deploy |
Affected:
unspecified , < 3640
(custom)
|
Date Public
2022-05-13 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3082"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Acronis Snap Deploy",
"vendor": "Acronis",
"versions": [
{
"lessThan": "3640",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "@mmg (https://hackerone.com/mmg)"
}
],
"datePublic": "2022-05-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 3640"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-16T17:20:32.000Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3082"
}
],
"source": {
"advisory": "SEC-3082",
"defect": [
"SEC-3082"
],
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation due to insecure folder permissions",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@acronis.com",
"DATE_PUBLIC": "2022-05-13T00:00:00.000Z",
"ID": "CVE-2022-30697",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation due to insecure folder permissions"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acronis Snap Deploy",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "3640"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "@mmg (https://hackerone.com/mmg)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 3640"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-advisory.acronis.com/advisories/SEC-3082",
"refsource": "MISC",
"url": "https://security-advisory.acronis.com/advisories/SEC-3082"
}
]
},
"source": {
"advisory": "SEC-3082",
"defect": [
"SEC-3082"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2022-30697",
"datePublished": "2022-05-16T17:20:32.585Z",
"dateReserved": "2022-05-13T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:36:27.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30696 (GCVE-0-2022-30696)
Vulnerability from nvd – Published: 2022-05-16 17:20 – Updated: 2024-09-17 00:25
VLAI
Title
Local privilege escalation due to a DLL hijacking vulnerability
Summary
Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3640
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security-advisory.acronis.com/advisories/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Acronis | Acronis Snap Deploy |
Affected:
unspecified , < 3640
(custom)
|
Date Public
2022-05-13 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.592Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3081"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Acronis Snap Deploy",
"vendor": "Acronis",
"versions": [
{
"lessThan": "3640",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "@mmg (https://hackerone.com/mmg)"
}
],
"datePublic": "2022-05-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3640"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-16T17:20:02.000Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3081"
}
],
"source": {
"advisory": "SEC-3081",
"defect": [
"SEC-3081"
],
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation due to a DLL hijacking vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@acronis.com",
"DATE_PUBLIC": "2022-05-13T00:00:00.000Z",
"ID": "CVE-2022-30696",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation due to a DLL hijacking vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acronis Snap Deploy",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "3640"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "@mmg (https://hackerone.com/mmg)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3640"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-advisory.acronis.com/advisories/SEC-3081",
"refsource": "MISC",
"url": "https://security-advisory.acronis.com/advisories/SEC-3081"
}
]
},
"source": {
"advisory": "SEC-3081",
"defect": [
"SEC-3081"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2022-30696",
"datePublished": "2022-05-16T17:20:02.194Z",
"dateReserved": "2022-05-13T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:25:50.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30695 (GCVE-0-2022-30695)
Vulnerability from nvd – Published: 2022-05-16 17:19 – Updated: 2024-09-17 04:20
VLAI
Title
Local privilege escalation due to excessive permissions assigned to child processes
Summary
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security-advisory.acronis.com/advisories/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Acronis | Acronis Snap Deploy |
Affected:
unspecified , < 3640
(custom)
|
Date Public
2022-05-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3080"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Acronis Snap Deploy",
"vendor": "Acronis",
"versions": [
{
"lessThan": "3640",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-05-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-16T17:19:34.000Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3080"
}
],
"source": {
"advisory": "SEC-3080",
"defect": [
"SEC-3080"
],
"discovery": "INTERNAL"
},
"title": "Local privilege escalation due to excessive permissions assigned to child processes",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@acronis.com",
"DATE_PUBLIC": "2022-05-13T00:00:00.000Z",
"ID": "CVE-2022-30695",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation due to excessive permissions assigned to child processes"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acronis Snap Deploy",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "3640"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-advisory.acronis.com/advisories/SEC-3080",
"refsource": "MISC",
"url": "https://security-advisory.acronis.com/advisories/SEC-3080"
}
]
},
"source": {
"advisory": "SEC-3080",
"defect": [
"SEC-3080"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2022-30695",
"datePublished": "2022-05-16T17:19:34.797Z",
"dateReserved": "2022-05-13T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:20:36.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1411 (GCVE-0-2008-1411)
Vulnerability from nvd – Published: 2008-03-20 10:00 – Updated: 2024-08-07 08:24
VLAI
Summary
The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://aluigi.altervista.org/adv/acropxe-adv.txt | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2008/0814… | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/28182 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/489358/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/29305 | third-party-advisoryx_refsource_SECUNIA |
| http://securityreason.com/securityalert/3758 | third-party-advisoryx_refsource_SREASON |
| https://www.exploit-db.com/exploits/5228 | exploitx_refsource_EXPLOIT-DB |
Date Public
2008-03-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:41.322Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/acropxe-adv.txt"
},
{
"name": "ADV-2008-0814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0814/references"
},
{
"name": "28182",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28182"
},
{
"name": "acronissnap-pxeserver-dos(41075)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41075"
},
{
"name": "20080310 Directory traversal and NULL pointer in Acronis PXE Server 2.0.0.1076",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489358/100/0/threaded"
},
{
"name": "29305",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29305"
},
{
"name": "3758",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3758"
},
{
"name": "5228",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5228"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/acropxe-adv.txt"
},
{
"name": "ADV-2008-0814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0814/references"
},
{
"name": "28182",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28182"
},
{
"name": "acronissnap-pxeserver-dos(41075)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41075"
},
{
"name": "20080310 Directory traversal and NULL pointer in Acronis PXE Server 2.0.0.1076",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489358/100/0/threaded"
},
{
"name": "29305",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29305"
},
{
"name": "3758",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3758"
},
{
"name": "5228",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5228"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.altervista.org/adv/acropxe-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/acropxe-adv.txt"
},
{
"name": "ADV-2008-0814",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0814/references"
},
{
"name": "28182",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28182"
},
{
"name": "acronissnap-pxeserver-dos(41075)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41075"
},
{
"name": "20080310 Directory traversal and NULL pointer in Acronis PXE Server 2.0.0.1076",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489358/100/0/threaded"
},
{
"name": "29305",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29305"
},
{
"name": "3758",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3758"
},
{
"name": "5228",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5228"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1411",
"datePublished": "2008-03-20T10:00:00.000Z",
"dateReserved": "2008-03-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:24:41.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1410 (GCVE-0-2008-1410)
Vulnerability from nvd – Published: 2008-03-20 10:00 – Updated: 2024-08-07 08:24
VLAI
Summary
Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://aluigi.altervista.org/adv/acropxe-adv.txt | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2008/0814… | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/28182 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/489358/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/29305 | third-party-advisoryx_refsource_SECUNIA |
| http://securityreason.com/securityalert/3758 | third-party-advisoryx_refsource_SREASON |
| https://www.exploit-db.com/exploits/5228 | exploitx_refsource_EXPLOIT-DB |
Date Public
2008-03-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:41.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "acronissnap-pxeserver-directory-traversal(41074)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41074"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/acropxe-adv.txt"
},
{
"name": "ADV-2008-0814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0814/references"
},
{
"name": "28182",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28182"
},
{
"name": "20080310 Directory traversal and NULL pointer in Acronis PXE Server 2.0.0.1076",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489358/100/0/threaded"
},
{
"name": "29305",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29305"
},
{
"name": "3758",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3758"
},
{
"name": "5228",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5228"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "acronissnap-pxeserver-directory-traversal(41074)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41074"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/acropxe-adv.txt"
},
{
"name": "ADV-2008-0814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0814/references"
},
{
"name": "28182",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28182"
},
{
"name": "20080310 Directory traversal and NULL pointer in Acronis PXE Server 2.0.0.1076",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489358/100/0/threaded"
},
{
"name": "29305",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29305"
},
{
"name": "3758",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3758"
},
{
"name": "5228",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5228"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1410",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "acronissnap-pxeserver-directory-traversal(41074)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41074"
},
{
"name": "http://aluigi.altervista.org/adv/acropxe-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/acropxe-adv.txt"
},
{
"name": "ADV-2008-0814",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0814/references"
},
{
"name": "28182",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28182"
},
{
"name": "20080310 Directory traversal and NULL pointer in Acronis PXE Server 2.0.0.1076",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489358/100/0/threaded"
},
{
"name": "29305",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29305"
},
{
"name": "3758",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3758"
},
{
"name": "5228",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5228"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1410",
"datePublished": "2008-03-20T10:00:00.000Z",
"dateReserved": "2008-03-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:24:41.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34018 (GCVE-0-2024-34018)
Vulnerability from cvelistv5 – Published: 2024-08-29 19:15 – Updated: 2024-08-29 19:39
VLAI
Summary
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security-advisory.acronis.com/advisories/… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Acronis | Acronis Snap Deploy |
Affected:
unspecified , < 4569
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34018",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T19:39:10.587890Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T19:39:37.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Acronis Snap Deploy",
"vendor": "Acronis",
"versions": [
{
"lessThan": "4569",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "@mmg (https://hackerone.com/mmg)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4569."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T19:15:08.649Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-4196",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4196"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2024-34018",
"datePublished": "2024-08-29T19:15:08.649Z",
"dateReserved": "2024-04-29T15:33:32.846Z",
"dateUpdated": "2024-08-29T19:39:37.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34017 (GCVE-0-2024-34017)
Vulnerability from cvelistv5 – Published: 2024-08-29 19:14 – Updated: 2024-08-29 19:38
VLAI
Summary
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.
Severity
6.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security-advisory.acronis.com/advisories/… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Acronis | Acronis Snap Deploy |
Affected:
unspecified , < 4569
(semver)
|
|
| acronis | snap_deploy |
Affected:
0 , < 4569
(semver)
cpe:2.3:a:acronis:snap_deploy:*:*:*:*:*:windows:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:acronis:snap_deploy:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "snap_deploy",
"vendor": "acronis",
"versions": [
{
"lessThan": "4569",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34017",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T19:38:05.985424Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T19:38:52.936Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Acronis Snap Deploy",
"vendor": "Acronis",
"versions": [
{
"lessThan": "4569",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T19:14:19.067Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-4505",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4505"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2024-34017",
"datePublished": "2024-08-29T19:14:19.067Z",
"dateReserved": "2024-04-29T15:33:32.846Z",
"dateUpdated": "2024-08-29T19:38:52.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34019 (GCVE-0-2024-34019)
Vulnerability from cvelistv5 – Published: 2024-08-29 19:12 – Updated: 2024-08-29 19:40
VLAI
Summary
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.
Severity
6.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security-advisory.acronis.com/advisories/… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Acronis | Acronis Snap Deploy |
Affected:
unspecified , < 4569
(semver)
|
|
| acronis | snap_deploy |
Affected:
0 , < 4569
(semver)
cpe:2.3:a:acronis:snap_deploy:*:*:*:*:*:windows:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:acronis:snap_deploy:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "snap_deploy",
"vendor": "acronis",
"versions": [
{
"lessThan": "4569",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34019",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T19:40:19.357921Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T19:40:47.168Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Acronis Snap Deploy",
"vendor": "Acronis",
"versions": [
{
"lessThan": "4569",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "@mmg (https://hackerone.com/mmg)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T19:12:46.700Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-3079",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3079"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2024-34019",
"datePublished": "2024-08-29T19:12:46.700Z",
"dateReserved": "2024-04-29T15:33:32.846Z",
"dateUpdated": "2024-08-29T19:40:47.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2355 (GCVE-0-2023-2355)
Vulnerability from cvelistv5 – Published: 2023-04-27 18:45 – Updated: 2025-01-30 20:49
VLAI
Summary
Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3900.
Severity
6.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security-advisory.acronis.com/advisories/… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Acronis | Acronis Snap Deploy |
Affected:
unspecified , < 3900
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SEC-4048",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4048"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2355",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T20:49:51.804566Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T20:49:56.542Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Acronis Snap Deploy",
"vendor": "Acronis",
"versions": [
{
"lessThan": "3900",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3900."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-27T18:45:26.176Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-4048",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4048"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2023-2355",
"datePublished": "2023-04-27T18:45:26.176Z",
"dateReserved": "2023-04-27T17:41:37.597Z",
"dateUpdated": "2025-01-30T20:49:56.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30697 (GCVE-0-2022-30697)
Vulnerability from cvelistv5 – Published: 2022-05-16 17:20 – Updated: 2024-09-17 01:36
VLAI
Title
Local privilege escalation due to insecure folder permissions
Summary
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 3640
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security-advisory.acronis.com/advisories/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Acronis | Acronis Snap Deploy |
Affected:
unspecified , < 3640
(custom)
|
Date Public
2022-05-13 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3082"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Acronis Snap Deploy",
"vendor": "Acronis",
"versions": [
{
"lessThan": "3640",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "@mmg (https://hackerone.com/mmg)"
}
],
"datePublic": "2022-05-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 3640"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-16T17:20:32.000Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3082"
}
],
"source": {
"advisory": "SEC-3082",
"defect": [
"SEC-3082"
],
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation due to insecure folder permissions",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@acronis.com",
"DATE_PUBLIC": "2022-05-13T00:00:00.000Z",
"ID": "CVE-2022-30697",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation due to insecure folder permissions"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acronis Snap Deploy",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "3640"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "@mmg (https://hackerone.com/mmg)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 3640"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-advisory.acronis.com/advisories/SEC-3082",
"refsource": "MISC",
"url": "https://security-advisory.acronis.com/advisories/SEC-3082"
}
]
},
"source": {
"advisory": "SEC-3082",
"defect": [
"SEC-3082"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2022-30697",
"datePublished": "2022-05-16T17:20:32.585Z",
"dateReserved": "2022-05-13T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:36:27.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30696 (GCVE-0-2022-30696)
Vulnerability from cvelistv5 – Published: 2022-05-16 17:20 – Updated: 2024-09-17 00:25
VLAI
Title
Local privilege escalation due to a DLL hijacking vulnerability
Summary
Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3640
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security-advisory.acronis.com/advisories/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Acronis | Acronis Snap Deploy |
Affected:
unspecified , < 3640
(custom)
|
Date Public
2022-05-13 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.592Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3081"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Acronis Snap Deploy",
"vendor": "Acronis",
"versions": [
{
"lessThan": "3640",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "@mmg (https://hackerone.com/mmg)"
}
],
"datePublic": "2022-05-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3640"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-16T17:20:02.000Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3081"
}
],
"source": {
"advisory": "SEC-3081",
"defect": [
"SEC-3081"
],
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation due to a DLL hijacking vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@acronis.com",
"DATE_PUBLIC": "2022-05-13T00:00:00.000Z",
"ID": "CVE-2022-30696",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation due to a DLL hijacking vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acronis Snap Deploy",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "3640"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "@mmg (https://hackerone.com/mmg)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3640"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-advisory.acronis.com/advisories/SEC-3081",
"refsource": "MISC",
"url": "https://security-advisory.acronis.com/advisories/SEC-3081"
}
]
},
"source": {
"advisory": "SEC-3081",
"defect": [
"SEC-3081"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2022-30696",
"datePublished": "2022-05-16T17:20:02.194Z",
"dateReserved": "2022-05-13T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:25:50.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30695 (GCVE-0-2022-30695)
Vulnerability from cvelistv5 – Published: 2022-05-16 17:19 – Updated: 2024-09-17 04:20
VLAI
Title
Local privilege escalation due to excessive permissions assigned to child processes
Summary
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security-advisory.acronis.com/advisories/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Acronis | Acronis Snap Deploy |
Affected:
unspecified , < 3640
(custom)
|
Date Public
2022-05-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3080"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Acronis Snap Deploy",
"vendor": "Acronis",
"versions": [
{
"lessThan": "3640",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-05-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-16T17:19:34.000Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-3080"
}
],
"source": {
"advisory": "SEC-3080",
"defect": [
"SEC-3080"
],
"discovery": "INTERNAL"
},
"title": "Local privilege escalation due to excessive permissions assigned to child processes",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@acronis.com",
"DATE_PUBLIC": "2022-05-13T00:00:00.000Z",
"ID": "CVE-2022-30695",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation due to excessive permissions assigned to child processes"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acronis Snap Deploy",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "3640"
}
]
}
}
]
},
"vendor_name": "Acronis"
}
]
}
},
"credit": [],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-advisory.acronis.com/advisories/SEC-3080",
"refsource": "MISC",
"url": "https://security-advisory.acronis.com/advisories/SEC-3080"
}
]
},
"source": {
"advisory": "SEC-3080",
"defect": [
"SEC-3080"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2022-30695",
"datePublished": "2022-05-16T17:19:34.797Z",
"dateReserved": "2022-05-13T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:20:36.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1411 (GCVE-0-2008-1411)
Vulnerability from cvelistv5 – Published: 2008-03-20 10:00 – Updated: 2024-08-07 08:24
VLAI
Summary
The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://aluigi.altervista.org/adv/acropxe-adv.txt | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2008/0814… | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/28182 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/489358/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/29305 | third-party-advisoryx_refsource_SECUNIA |
| http://securityreason.com/securityalert/3758 | third-party-advisoryx_refsource_SREASON |
| https://www.exploit-db.com/exploits/5228 | exploitx_refsource_EXPLOIT-DB |
Date Public
2008-03-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:41.322Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/acropxe-adv.txt"
},
{
"name": "ADV-2008-0814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0814/references"
},
{
"name": "28182",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28182"
},
{
"name": "acronissnap-pxeserver-dos(41075)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41075"
},
{
"name": "20080310 Directory traversal and NULL pointer in Acronis PXE Server 2.0.0.1076",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489358/100/0/threaded"
},
{
"name": "29305",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29305"
},
{
"name": "3758",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3758"
},
{
"name": "5228",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5228"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/acropxe-adv.txt"
},
{
"name": "ADV-2008-0814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0814/references"
},
{
"name": "28182",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28182"
},
{
"name": "acronissnap-pxeserver-dos(41075)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41075"
},
{
"name": "20080310 Directory traversal and NULL pointer in Acronis PXE Server 2.0.0.1076",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489358/100/0/threaded"
},
{
"name": "29305",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29305"
},
{
"name": "3758",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3758"
},
{
"name": "5228",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5228"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.altervista.org/adv/acropxe-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/acropxe-adv.txt"
},
{
"name": "ADV-2008-0814",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0814/references"
},
{
"name": "28182",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28182"
},
{
"name": "acronissnap-pxeserver-dos(41075)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41075"
},
{
"name": "20080310 Directory traversal and NULL pointer in Acronis PXE Server 2.0.0.1076",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489358/100/0/threaded"
},
{
"name": "29305",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29305"
},
{
"name": "3758",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3758"
},
{
"name": "5228",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5228"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1411",
"datePublished": "2008-03-20T10:00:00.000Z",
"dateReserved": "2008-03-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:24:41.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1410 (GCVE-0-2008-1410)
Vulnerability from cvelistv5 – Published: 2008-03-20 10:00 – Updated: 2024-08-07 08:24
VLAI
Summary
Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://aluigi.altervista.org/adv/acropxe-adv.txt | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2008/0814… | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/28182 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/489358/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/29305 | third-party-advisoryx_refsource_SECUNIA |
| http://securityreason.com/securityalert/3758 | third-party-advisoryx_refsource_SREASON |
| https://www.exploit-db.com/exploits/5228 | exploitx_refsource_EXPLOIT-DB |
Date Public
2008-03-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:41.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "acronissnap-pxeserver-directory-traversal(41074)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41074"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/acropxe-adv.txt"
},
{
"name": "ADV-2008-0814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0814/references"
},
{
"name": "28182",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28182"
},
{
"name": "20080310 Directory traversal and NULL pointer in Acronis PXE Server 2.0.0.1076",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489358/100/0/threaded"
},
{
"name": "29305",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29305"
},
{
"name": "3758",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3758"
},
{
"name": "5228",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5228"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "acronissnap-pxeserver-directory-traversal(41074)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41074"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/acropxe-adv.txt"
},
{
"name": "ADV-2008-0814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0814/references"
},
{
"name": "28182",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28182"
},
{
"name": "20080310 Directory traversal and NULL pointer in Acronis PXE Server 2.0.0.1076",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489358/100/0/threaded"
},
{
"name": "29305",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29305"
},
{
"name": "3758",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3758"
},
{
"name": "5228",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5228"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1410",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "acronissnap-pxeserver-directory-traversal(41074)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41074"
},
{
"name": "http://aluigi.altervista.org/adv/acropxe-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/acropxe-adv.txt"
},
{
"name": "ADV-2008-0814",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0814/references"
},
{
"name": "28182",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28182"
},
{
"name": "20080310 Directory traversal and NULL pointer in Acronis PXE Server 2.0.0.1076",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489358/100/0/threaded"
},
{
"name": "29305",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29305"
},
{
"name": "3758",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3758"
},
{
"name": "5228",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5228"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1410",
"datePublished": "2008-03-20T10:00:00.000Z",
"dateReserved": "2008-03-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:24:41.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}